From 839a7af4775d2db733e8184bc0dcfb2f534bb178 Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Mon, 18 Sep 2023 13:59:33 -0700 Subject: [PATCH 1/3] Adds base for updating Microsoft.SecurityInsights from version preview/2023-08-01-preview to version 2023-09-01-preview --- .../2023-09-01-preview/AlertRules.json | 2543 ++++++++++++++ .../2023-09-01-preview/AutomationRules.json | 1495 ++++++++ .../2023-09-01-preview/BillingStatistics.json | 226 ++ .../preview/2023-09-01-preview/Bookmarks.json | 751 ++++ .../2023-09-01-preview/ContentPackages.json | 310 ++ .../ContentProductPackages.json | 231 ++ .../ContentProductTemplates.json | 217 ++ .../2023-09-01-preview/ContentTemplates.json | 330 ++ .../2023-09-01-preview/Enrichment.json | 381 ++ .../preview/2023-09-01-preview/Entities.json | 1556 ++++++++ .../2023-09-01-preview/EntityQueries.json | 507 +++ .../EntityQueryTemplates.json | 304 ++ .../2023-09-01-preview/FileImports.json | 564 +++ .../preview/2023-09-01-preview/Hunts.json | 994 ++++++ .../preview/2023-09-01-preview/Incidents.json | 1658 +++++++++ .../preview/2023-09-01-preview/Metadata.json | 774 ++++ .../2023-09-01-preview/OfficeConsents.json | 234 ++ .../2023-09-01-preview/OnboardingStates.json | 284 ++ .../2023-09-01-preview/Recommendations.json | 564 +++ .../SecurityMLAnalyticsSettings.json | 444 +++ .../preview/2023-09-01-preview/Settings.json | 423 +++ .../2023-09-01-preview/SourceControls.json | 971 +++++ .../ThreatIntelligence.json | 1097 ++++++ .../TriggeredAnalyticsRuleRuns.json | 353 ++ .../2023-09-01-preview/Watchlists.json | 721 ++++ .../WorkspaceManagerAssignments.json | 737 ++++ .../WorkspaceManagerConfigurations.json | 323 ++ .../WorkspaceManagerGroups.json | 318 ++ .../WorkspaceManagerMembers.json | 310 ++ .../2023-09-01-preview/common/AlertTypes.json | 81 + .../common/ContentCommonTypes.json | 637 ++++ .../common/EntityTypes.json | 2550 ++++++++++++++ .../common/IncidentTypes.json | 246 ++ .../common/RelationTypes.json | 95 + .../common/ThreatIntelligenceTypes.json | 48 + .../dataConnectorDefinitions.json | 737 ++++ .../2023-09-01-preview/dataConnectors.json | 3118 +++++++++++++++++ .../actions/CreateActionOfAlertRule.json | 43 + .../actions/DeleteActionOfAlertRule.json | 14 + .../actions/GetActionOfAlertRuleById.json | 24 + .../actions/GetAllActionsByAlertRule.json | 27 + .../GetAlertRuleTemplateById.json | 53 + .../GetAlertRuleTemplates.json | 238 ++ .../alertRules/CreateFusionAlertRule.json | 845 +++++ ...nAlertRuleWithFusionScenarioExclusion.json | 851 +++++ ...softSecurityIncidentCreationAlertRule.json | 58 + .../alertRules/CreateNrtAlertRule.json | 136 + .../alertRules/CreateScheduledAlertRule.json | 270 ++ .../examples/alertRules/DeleteAlertRule.json | 13 + .../examples/alertRules/GetAllAlertRules.json | 412 +++ .../alertRules/GetFusionAlertRule.json | 310 ++ ...softSecurityIncidentCreationAlertRule.json | 30 + .../examples/alertRules/GetNrtAlertRule.json | 55 + .../alertRules/GetScheduledAlertRule.json | 95 + .../AutomationRules_CreateOrUpdate.json | 171 + .../AutomationRules_Delete.json | 17 + .../automationRules/AutomationRules_Get.json | 65 + .../automationRules/AutomationRules_List.json | 68 + .../GetAllBillingStatistics.json | 26 + .../GetBillingStatistic.json | 23 + .../examples/bookmarks/CreateBookmark.json | 143 + .../examples/bookmarks/DeleteBookmark.json | 13 + .../examples/bookmarks/GetBookmarkById.json | 64 + .../examples/bookmarks/GetBookmarks.json | 67 + .../bookmarks/expand/PostExpandBookmark.json | 43 + .../relations/CreateBookmarkRelation.json | 43 + .../relations/DeleteBookmarkRelation.json | 14 + .../relations/GetAllBookmarkRelations.json | 28 + .../relations/GetBookmarkRelationByName.json | 25 + .../contentPackages/GetPackageById.json | 34 + .../examples/contentPackages/GetPackages.json | 39 + .../GetProductPackageById.json | 76 + .../contentPackages/GetProductPackages.json | 78 + .../contentPackages/InstallPackage.json | 151 + .../contentPackages/UninstallPackage.json | 13 + .../contentTemplates/DeleteTemplate.json | 13 + .../GetProductTemplateById.json | 43 + .../contentTemplates/GetProductTemplates.json | 45 + .../contentTemplates/GetTemplateById.json | 41 + .../contentTemplates/GetTemplates.json | 43 + .../contentTemplates/InstallTemplate.json | 228 ++ ...teCustomizableDataConnectorDefinition.json | 264 ++ .../DeleteDataConnectorDefinitionById.json | 13 + ...stomizableDataConnectoeDefinitionById.json | 101 + .../GetDataConnectorDefinitions.json | 100 + ...CheckRequirementsAzureActiveDirectory.json | 22 + ...tsAzureActiveDirectoryNoAuthorization.json | 22 + ...irementsAzureActiveDirectoryNoLicense.json | 22 + .../CheckRequirementsAzureSecurityCenter.json | 22 + .../CheckRequirementsDynamics365.json | 22 + .../dataConnectors/CheckRequirementsIoT.json | 22 + .../CheckRequirementsMdatp.json | 22 + ...RequirementsMicrosoftCloudAppSecurity.json | 22 + ...MicrosoftPurviewInformationProtection.json | 22 + ...quirementsMicrosoftThreatIntelligence.json | 22 + ...RequirementsMicrosoftThreatProtection.json | 22 + .../CheckRequirementsOffice365Project.json | 22 + .../CheckRequirementsOfficeATP.json | 22 + .../CheckRequirementsOfficeIRM.json | 22 + .../CheckRequirementsOfficePowerBI.json | 22 + .../CheckRequirementsThreatIntelligence.json | 22 + ...ckRequirementsThreatIntelligenceTaxii.json | 22 + .../dataConnectors/ConnectAPIPolling.json | 24 + .../ConnectAPIPollingV2Logs.json | 27 + .../dataConnectors/CreateAPIPolling.json | 368 ++ .../CreateDynamics365DataConnetor.json | 57 + .../dataConnectors/CreateGenericUI.json | 437 +++ .../CreateGoogleCloudPlatform.json | 92 + ...viewInformationProtectionDataConnetor.json | 57 + ...rosoftThreatIntelligenceDataConnector.json | 59 + ...MicrosoftThreatProtectionDataConnetor.json | 81 + .../CreateOffice365ProjectDataConnetor.json | 57 + .../CreateOfficeDataConnetor.json | 75 + .../CreateOfficePowerBIDataConnector.json | 57 + ...CreateThreatIntelligenceDataConnector.json | 59 + ...eThreatIntelligenceTaxiiDataConnector.json | 81 + .../dataConnectors/DeleteAPIPolling.json | 13 + .../dataConnectors/DeleteGenericUI.json | 13 + .../DeleteGoogleCloudPlatform.json | 13 + ...viewInformationProtectionDataConnetor.json | 13 + ...rosoftThreatIntelligenceDataConnector.json | 13 + .../DeleteOffice365ProjectDataConnetor.json | 13 + .../DeleteOfficeDataConnetor.json | 13 + .../DeleteOfficePowerBIDataConnetor.json | 13 + .../dataConnectors/DisconnectAPIPolling.json | 13 + .../dataConnectors/GetAPIPolling.json | 133 + .../GetAmazonWebServicesCloudTrailById.json | 28 + .../GetAmazonWebServicesS3ById.json | 32 + .../GetAzureActiveDirectoryById.json | 28 + .../GetAzureAdvancedThreatProtectionById.json | 28 + .../GetAzureSecurityCenterById.json | 28 + .../dataConnectors/GetDataConnectors.json | 508 +++ .../GetDynamics365DataConnectorById.json | 28 + .../examples/dataConnectors/GetGenericUI.json | 156 + .../GetGoogleCloudPlatformById.json | 35 + .../examples/dataConnectors/GetIoTById.json | 28 + .../GetMicrosoftCloudAppSecurityById.json | 31 + ...tDefenderAdvancedThreatProtectionById.json | 28 + ...GetMicrosoftInsiderRiskManagementById.json | 28 + ...InformationProtectionDataConnetorById.json | 28 + .../GetMicrosoftThreatIntelligenceById.json | 29 + .../GetMicrosoftThreatProtectionById.json | 36 + ...Office365AdvancedThreatProtectionById.json | 28 + .../GetOffice365ProjectDataConnetorById.json | 28 + .../GetOfficeDataConnetorById.json | 34 + .../GetOfficePowerBIDataConnetorById.json | 28 + .../GetThreatIntelligenceById.json | 29 + .../GetThreatIntelligenceTaxiiById.json | 36 + .../examples/enrichment/GetGeodataByIp.json | 31 + .../enrichment/GetWhoisByDomainName.json | 87 + .../entities/GetAccountEntityById.json | 32 + .../entities/GetAzureResourceEntityById.json | 24 + .../GetCloudApplicationEntityById.json | 25 + .../examples/entities/GetDnsEntityById.json | 26 + .../examples/entities/GetEntities.json | 63 + .../examples/entities/GetFileEntityById.json | 24 + .../entities/GetFileHashEntityById.json | 24 + .../examples/entities/GetHostEntityById.json | 31 + .../entities/GetIoTDeviceEntityById.json | 45 + .../examples/entities/GetIpEntityById.json | 23 + .../entities/GetMailClusterEntityById.json | 44 + .../entities/GetMailMessageEntityById.json | 48 + .../entities/GetMailboxEntityById.json | 26 + .../entities/GetMalwareEntityById.json | 24 + .../entities/GetProcessEntityById.json | 25 + .../examples/entities/GetQueries.json | 456 +++ .../entities/GetRegistryKeyEntityById.json | 24 + .../entities/GetRegistryValueEntityById.json | 26 + .../entities/GetSecurityAlertEntityById.json | 51 + .../entities/GetSecurityGroupEntityById.json | 25 + .../entities/GetSubmissionMailEntityById.json | 29 + .../examples/entities/GetUrlEntityById.json | 23 + .../entities/expand/PostExpandEntity.json | 52 + .../entities/insights/PostGetInsights.json | 100 + .../relations/GetAllEntityRelations.json | 28 + .../relations/GetEntityRelationByName.json | 25 + .../entities/timeline/PostTimelineEntity.json | 92 + .../CreateEntityQueryActivity.json | 133 + .../entityQueries/DeleteEntityQuery.json | 13 + .../GetActivityEntityQueryById.json | 54 + .../entityQueries/GetEntityQueries.json | 59 + .../GetExpansionEntityQueryById.json | 34 + .../GetActivityEntityQueryTemplateById.json | 57 + .../GetEntityQueryTemplates.json | 105 + .../fileImports/CreateFileImport.json | 49 + .../fileImports/DeleteFileImport.json | 41 + .../fileImports/GetFileImportById.json | 37 + .../examples/fileImports/GetFileImports.json | 42 + .../examples/hunts/CreateHunt.json | 100 + .../examples/hunts/CreateHuntComment.json | 56 + .../examples/hunts/CreateHuntRelation.json | 53 + .../examples/hunts/DeleteHunt.json | 14 + .../examples/hunts/DeleteHuntComment.json | 15 + .../examples/hunts/DeleteHuntRelation.json | 15 + .../examples/hunts/GetHuntById.json | 43 + .../examples/hunts/GetHuntCommentById.json | 32 + .../examples/hunts/GetHuntComments.json | 27 + .../examples/hunts/GetHuntRelationById.json | 29 + .../examples/hunts/GetHuntRelations.json | 32 + .../examples/hunts/GetHunts.json | 46 + .../IncidentAlerts/Incidents_ListAlerts.json | 50 + .../Incidents_ListBookmarks.json | 47 + .../IncidentComments_CreateOrUpdate.json | 55 + .../IncidentComments_Delete.json | 14 + .../IncidentComments_Get.json | 31 + .../IncidentComments_List.json | 34 + .../Incidents_ListEntities.json | 34 + .../IncidentTasks_CreateOrUpdate.json | 73 + .../IncidentTasks/IncidentTasks_Delete.json | 14 + .../IncidentTasks/IncidentTasks_Get.json | 39 + .../IncidentTasks/IncidentTasks_List.json | 42 + .../IncidentTeam/Incidents_CreateTeam.json | 26 + .../incidents/Incidents_CreateOrUpdate.json | 136 + .../examples/incidents/Incidents_Delete.json | 13 + .../examples/incidents/Incidents_Get.json | 63 + .../examples/incidents/Incidents_List.json | 68 + .../relations/CreateIncidentRelation.json | 43 + .../relations/DeleteIncidentRelation.json | 14 + .../relations/GetAllIncidentRelations.json | 40 + .../relations/GetIncidentRelationByName.json | 25 + .../manualTrigger/Entities_RunPlaybook.json | 17 + .../manualTrigger/Incidents_RunPlaybook.json | 18 + .../examples/metadata/DeleteMetadata.json | 13 + .../examples/metadata/GetAllMetadata.json | 64 + .../metadata/GetAllMetadataOData.json | 52 + .../examples/metadata/GetMetadata.json | 104 + .../examples/metadata/PatchMetadata.json | 35 + .../examples/metadata/PutMetadata.json | 286 ++ .../examples/metadata/PutMetadataMinimal.json | 40 + .../officeConsents/DeleteOfficeConsents.json | 13 + .../officeConsents/GetOfficeConsents.json | 25 + .../officeConsents/GetOfficeConsentsById.json | 22 + .../CreateSentinelOnboardingState.json | 36 + .../DeleteSentinelOnboardingState.json | 13 + .../GetAllSentinelOnboardingStates.json | 24 + .../GetSentinelOnboardingState.json | 21 + .../examples/operations/ListOperations.json | 563 +++ .../recommendations/GetRecommendation.json | 48 + .../recommendations/GetRecommendations.json | 51 + .../recommendations/PatchRecommendation.json | 56 + .../repositories/GetRepositories.json | 25 + ...eateAnomalySecurityMLAnalyticsSetting.json | 245 ++ .../DeleteSecurityMLAnalyticsSetting.json | 13 + .../GetAllSecurityMLAnalyticsSettings.json | 94 + .../GetAnomalySecurityMLAnalyticsSetting.json | 91 + .../settings/DeleteEyesOnSetting.json | 13 + .../examples/settings/GetAllSettings.json | 25 + .../examples/settings/GetEyesOnSetting.json | 22 + .../settings/UpdateEyesOnSetting.json | 28 + .../sourcecontrols/CreateSourceControl.json | 162 + .../sourcecontrols/DeleteSourceControl.json | 27 + .../sourcecontrols/GetSourceControlById.json | 75 + .../sourcecontrols/GetSourceControls.json | 78 + .../AppendTagsThreatIntelligence.json | 18 + .../CollectThreatIntelligenceMetrics.json | 43 + .../CreateThreatIntelligence.json | 100 + .../DeleteThreatIntelligence.json | 13 + .../GetThreatIntelligence.json | 76 + .../GetThreatIntelligenceById.json | 43 + .../QueryThreatIntelligence.json | 107 + .../ReplaceTagsThreatIntelligence.json | 52 + .../UpdateThreatIntelligence.json | 101 + .../triggerRuleRun_Post.json | 23 + .../triggeredAnalyticsRuleRun_Get.json | 29 + .../triggeredAnalyticsRuleRuns_Get.json | 48 + .../examples/watchlists/CreateWatchlist.json | 88 + .../CreateWatchlistAndWatchlistItems.json | 92 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 18 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 50 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 53 + .../CreateJob.json | 24 + ...ateOrUpdateWorkspaceManagerAssignment.json | 62 + .../DeleteJob.json | 14 + .../DeleteWorkspaceManagerAssignment.json | 13 + .../GetAllJobs.json | 46 + .../GetAllWorkspaceManagerAssignments.json | 35 + .../workspaceManagerAssignments/GetJob.json | 43 + .../GetWorkspaceManagerAssignment.json | 32 + ...OrUpdateWorkspaceManagerConfiguration.json | 38 + .../DeleteWorkspaceManagerConfiguration.json | 13 + .../GetAllWorkspaceManagerConfigurations.json | 25 + .../GetWorkspaceManagerConfiguration.json | 22 + .../CreateOrUpdateWorkspaceManagerGroup.json | 53 + .../DeleteWorkspaceManagerGroup.json | 13 + .../GetAllWorkspaceManagerGroups.json | 30 + .../GetWorkspaceManagerGroup.json | 27 + .../CreateOrUpdateWorkspaceManagerMember.json | 41 + .../DeleteWorkspaceManagerMember.json | 13 + .../GetAllWorkspaceManagerMembers.json | 26 + .../GetWorkspaceManagerMember.json | 23 + .../2023-09-01-preview/operations.json | 138 + 295 files changed, 43883 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json new file mode 100644 index 000000000000..02c8027cd949 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json @@ -0,0 +1,2543 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get an Nrt alert rule.": { + "$ref": "./examples/alertRules/GetNrtAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Nrt alert rule.": { + "$ref": "./examples/alertRules/CreateNrtAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a Fusion alert rule with scenario exclusion pattern.": { + "$ref": "./examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AlertRule": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleKindEnum": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence", + "NRT" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + }, + { + "value": "MLBehaviorAnalytics" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "NRT" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "required": [ + "kind" + ] + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplatePropertiesBase": { + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "type": "integer", + "format": "int32" + }, + "lastUpdatedDateUTC": { + "description": "The last time that this alert rule template has been updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status." + } + }, + "type": "object" + }, + "AlertRuleTemplateStatus": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + }, + "AlertRuleTemplateWithMitreProperties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Alert rule template with MITRE property bag.", + "properties": { + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryBasedAlertRuleTemplateProperties": { + "description": "Query based alert rule template base property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "version": { + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.", + "type": "string" + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "MLBehaviorAnalyticsAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ], + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + } + }, + "type": "object", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "sourceSettings": { + "description": "Configuration for all supported source signals in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSettings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "scenarioExclusionPatterns": { + "description": "Configuration to exclude scenarios in fusion detection.", + "items": { + "$ref": "#/definitions/FusionScenarioExclusionPattern" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionSourceSettings": { + "description": "Represents a supported source signal configuration in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceName": { + "description": "Name of the Fusion source signal. Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypes": { + "description": "Configuration for all source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSubTypeSetting" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "enabled", + "sourceName" + ], + "type": "object" + }, + "FusionSourceSubTypeSetting": { + "description": "Represents a supported source subtype configuration under a source signal in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source subtype under source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceSubTypeName": { + "description": "The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypeDisplayName": { + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "type": "string", + "readOnly": true + }, + "severityFilters": { + "description": "Severity configuration for a source subtype consumed in fusion detection.", + "$ref": "#/definitions/FusionSubTypeSeverityFilter", + "type": "object" + } + }, + "required": [ + "enabled", + "sourceSubTypeName", + "severityFilters" + ], + "type": "object" + }, + "FusionSubTypeSeverityFilter": { + "description": "Represents severity configuration for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "description": "Determines whether this source subtype supports severity configuration or not.", + "type": "boolean", + "readOnly": true + }, + "filters": { + "description": "Individual Severity configuration settings for a given source subtype consumed in Fusion detection.", + "items": { + "$ref": "#/definitions/FusionSubTypeSeverityFiltersItem" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "FusionSubTypeSeverityFiltersItem": { + "description": "Represents a Severity filter setting for a given source subtype consumed in Fusion detection.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The Severity for a given source subtype consumed in Fusion detection." + }, + "enabled": { + "description": "Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection.", + "type": "boolean" + } + }, + "required": [ + "severity", + "enabled" + ], + "type": "object" + }, + "FusionScenarioExclusionPattern": { + "description": "Represents a Fusion scenario exclusion patterns in Fusion detection.", + "properties": { + "exclusionPattern": { + "description": "Scenario exclusion pattern.", + "type": "string" + }, + "dateAddedInUTC": { + "description": "DateTime when scenario exclusion pattern is added in UTC.", + "type": "string" + } + }, + "required": [ + "exclusionPattern", + "dateAddedInUTC" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "description": "Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastUpdatedDateUTC": { + "description": "The time that this alert rule template was last updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceSettings": { + "description": "All supported source signal configurations consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSetting" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object", + "x-ms-client-flatten": true + }, + "FusionTemplateSourceSetting": { + "description": "Represents a source signal consumed in Fusion detection.", + "properties": { + "sourceName": { + "description": "The name of a source signal consumed in Fusion detection.", + "type": "string" + }, + "sourceSubTypes": { + "description": "All supported source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSubType" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "sourceName" + ], + "type": "object" + }, + "FusionTemplateSourceSubType": { + "description": "Represents a source subtype under a source signal consumed in Fusion detection.", + "properties": { + "sourceSubTypeName": { + "description": "The name of source subtype under a source signal consumed in Fusion detection.", + "type": "string" + }, + "sourceSubTypeDisplayName": { + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "type": "string", + "readOnly": true + }, + "severityFilter": { + "description": "Severity configuration available for a source subtype consumed in fusion detection.", + "$ref": "#/definitions/FusionTemplateSubTypeSeverityFilter", + "type": "object" + } + }, + "required": [ + "sourceSubTypeName", + "severityFilter" + ], + "type": "object" + }, + "FusionTemplateSubTypeSeverityFilter": { + "description": "Represents severity configurations available for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "description": "Determines whether severity configuration is supported for this source subtype consumed in Fusion detection.", + "type": "boolean" + }, + "severityFilters": { + "description": "List of all supported severities for this source subtype consumed in Fusion detection.", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "isSupported" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Threat Intelligence alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties", + "description": "Threat Intelligence alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleProperties": { + "description": "Threat Intelligence alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Threat Intelligence alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ], + "description": "Threat Intelligence alert rule template properties", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityProductName": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", + "Microsoft Defender Advanced Threat Protection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "type": "array" + } + }, + "type": "object", + "x-ms-client-flatten": true + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "templateVersion": { + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object", + "x-ms-client-flatten": true + }, + "NrtAlertRuleProperties": { + "description": "Nrt alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "templateVersion": { + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object", + "x-ms-client-flatten": true + }, + "ScheduledAlertRuleTemplateProperties": { + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastUpdatedDateUTC": { + "description": "The time that this alert rule template was last updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.", + "type": "string" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "version" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "NrtAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents NRT alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + }, + { + "$ref": "#/definitions/QueryBasedAlertRuleTemplateProperties" + } + ], + "description": "NRT alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "version" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "NRT" + }, + "EventGroupingSettings": { + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind" + } + }, + "type": "object" + }, + "EventGroupingAggregationKind": { + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EventGroupingAggregationKind" + } + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "NrtAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents NRT alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/NrtAlertRuleProperties", + "description": "NRT alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "NRT" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "type": "integer", + "format": "int32" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "EntityMappings": { + "description": "List of entity mappings of the alert rule", + "type": "array", + "items": { + "$ref": "#/definitions/EntityMapping" + }, + "x-ms-identifiers": [] + }, + "EntityMapping": { + "description": "Single entity mapping for the alert rule", + "properties": { + "entityType": { + "$ref": "#/definitions/EntityMappingType" + }, + "fieldMappings": { + "description": "array of field mappings for the given entity mapping", + "type": "array", + "items": { + "$ref": "#/definitions/FieldMapping" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "FieldMapping": { + "description": "A single field mapping of the mapped entity", + "properties": { + "identifier": { + "description": "the V3 identifier of the entity", + "type": "string" + }, + "columnName": { + "description": "the column name to be mapped to the identifier", + "type": "string" + } + }, + "type": "object" + }, + "SentinelEntitiesMappings": { + "description": "List of sentinel entity mappings of the alert rule", + "type": "array", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + }, + "x-ms-identifiers": [] + }, + "SentinelEntityMapping": { + "description": "A single sentinel entity mapping", + "properties": { + "columnName": { + "description": "the column name to be mapped to the SentinelEntities", + "type": "string" + } + }, + "type": "object" + }, + "AlertDetailsOverride": { + "description": "Settings for how to dynamically override alert static details", + "properties": { + "alertDisplayNameFormat": { + "description": "the format containing columns name(s) to override the alert name", + "type": "string" + }, + "alertDescriptionFormat": { + "description": "the format containing columns name(s) to override the alert description", + "type": "string" + }, + "alertTacticsColumnName": { + "description": "the column name to take the alert tactics from", + "type": "string" + }, + "alertSeverityColumnName": { + "description": "the column name to take the alert severity from", + "type": "string" + }, + "alertDynamicProperties": { + "description": "List of additional dynamic properties to override", + "type": "array", + "items": { + "$ref": "#/definitions/AlertPropertyMapping" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "AlertPropertyMapping": { + "description": "A single alert property mapping to override", + "properties": { + "alertProperty": { + "$ref": "#/definitions/AlertProperty" + }, + "value": { + "description": "the column name to use to override this property", + "type": "string" + } + }, + "type": "object" + }, + "IncidentConfiguration": { + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "description": "Create incidents from alerts triggered by this analytics rule", + "type": "boolean" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "type": "object", + "required": [ + "createIncident" + ] + }, + "GroupingConfiguration": { + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "description": "Grouping enabled", + "type": "boolean" + }, + "reopenClosedIncident": { + "description": "Re-open closed matching incidents", + "type": "boolean" + }, + "lookbackDuration": { + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "matchingMethod": { + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", + "enum": [ + "AllEntities", + "AnyAlert", + "Selected" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MatchingMethod", + "values": [ + { + "description": "Grouping alerts into a single incident if all the entities match", + "value": "AllEntities" + }, + { + "description": "Grouping any alerts triggered by this rule into a single incident", + "value": "AnyAlert" + }, + { + "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match", + "value": "Selected" + } + ] + } + }, + "groupByEntities": { + "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", + "items": { + "$ref": "#/definitions/EntityMappingType" + }, + "type": "array" + }, + "groupByAlertDetails": { + "description": "A list of alert details to group by (when matchingMethod is Selected)", + "items": { + "description": "Alert detail", + "enum": [ + "DisplayName", + "Severity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertDetail", + "values": [ + { + "description": "Alert display name", + "value": "DisplayName" + }, + { + "description": "Alert severity", + "value": "Severity" + } + ] + } + }, + "type": "array" + }, + "groupByCustomDetails": { + "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "matchingMethod" + ] + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string", + "x-ms-secret": true + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "EntityMappingType": { + "description": "The V3 type of the mapped entity", + "enum": [ + "Account", + "Host", + "IP", + "Malware", + "File", + "Process", + "CloudApplication", + "DNS", + "AzureResource", + "FileHash", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityMappingType", + "values": [ + { + "description": "User account entity type", + "value": "Account" + }, + { + "description": "Host entity type", + "value": "Host" + }, + { + "description": "IP address entity type", + "value": "IP" + }, + { + "description": "Malware entity type", + "value": "Malware" + }, + { + "description": "System file entity type", + "value": "File" + }, + { + "description": "Process entity type", + "value": "Process" + }, + { + "description": "Cloud app entity type", + "value": "CloudApplication" + }, + { + "description": "DNS entity type", + "value": "DNS" + }, + { + "description": "Azure resource entity type", + "value": "AzureResource" + }, + { + "description": "File-hash entity type", + "value": "FileHash" + }, + { + "description": "Registry key entity type", + "value": "RegistryKey" + }, + { + "description": "Registry value entity type", + "value": "RegistryValue" + }, + { + "description": "Security group entity type", + "value": "SecurityGroup" + }, + { + "description": "URL entity type", + "value": "URL" + }, + { + "description": "Mailbox entity type", + "value": "Mailbox" + }, + { + "description": "Mail cluster entity type", + "value": "MailCluster" + }, + { + "description": "Mail message entity type", + "value": "MailMessage" + }, + { + "description": "Submission mail entity type", + "value": "SubmissionMail" + } + ] + } + }, + "AlertProperty": { + "description": "The V3 alert property", + "enum": [ + "AlertLink", + "ConfidenceLevel", + "ConfidenceScore", + "ExtendedLinks", + "ProductName", + "ProviderName", + "ProductComponentName", + "RemediationSteps", + "Techniques" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertProperty", + "values": [ + { + "description": "Alert's link", + "value": "AlertLink" + }, + { + "description": "Confidence level property", + "value": "ConfidenceLevel" + }, + { + "description": "Confidence score", + "value": "ConfidenceScore" + }, + { + "description": "Extended links to the alert", + "value": "ExtendedLinks" + }, + { + "description": "Product name alert property", + "value": "ProductName" + }, + { + "description": "Provider name alert property", + "value": "ProviderName" + }, + { + "description": "Product component name alert property", + "value": "ProductComponentName" + }, + { + "description": "Remediation steps alert property", + "value": "RemediationSteps" + }, + { + "description": "Techniques alert property", + "value": "Techniques" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json new file mode 100644 index 000000000000..83979c6e249d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json @@ -0,0 +1,1495 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets the automation rule.", + "operationId": "AutomationRules_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Get": { + "$ref": "./examples/automationRules/AutomationRules_Get.json" + } + } + }, + "put": { + "tags": [ + "automationRules" + ], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + }, + { + "in": "body", + "name": "automationRuleToUpsert", + "description": "The automation rule", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "automationRules" + ], + "description": "Delete the automation rule.", + "operationId": "AutomationRules_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "type": "object" + } + }, + "204": { + "description": "No Content", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/automationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets all automation rules.", + "operationId": "AutomationRules_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "AutomationRules_List": { + "$ref": "./examples/automationRules/AutomationRules_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific entity.", + "operationId": "Entities_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "entityIdentifier", + "description": "Entity identifier.", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "description": "Describes the request body for triggering a playbook on an entity.", + "schema": { + "$ref": "#/definitions/EntityManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entities_RunPlaybook": { + "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific incident", + "operationId": "Incidents_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "incidentIdentifier", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "Success", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_RunPlaybook": { + "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" + } + } + } + } + }, + "definitions": { + "ActionType": { + "description": "The type of the automation rule action.", + "enum": [ + "ModifyProperties", + "RunPlaybook", + "AddIncidentTask" + ], + "type": "string", + "example": "ModifyProperties", + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "value": "ModifyProperties", + "description": "Modify an object's properties" + }, + { + "value": "RunPlaybook", + "description": "Run a playbook on an object" + }, + { + "value": "AddIncidentTask", + "description": "Add a task to an incident object" + } + ] + } + }, + "AddIncidentTaskActionProperties": { + "required": [ + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the task.", + "type": "string" + }, + "description": { + "description": "The description of the task.", + "type": "string" + } + } + }, + "AutomationRule": { + "required": [ + "properties" + ], + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleProperties", + "x-ms-client-flatten": true + } + } + }, + "AutomationRuleAction": { + "description": "Describes an automation rule action.", + "required": [ + "actionType", + "order" + ], + "type": "object", + "properties": { + "order": { + "format": "int32", + "type": "integer" + }, + "actionType": { + "$ref": "#/definitions/ActionType" + } + }, + "discriminator": "actionType" + }, + "AutomationRuleAddIncidentTaskAction": { + "description": "Describes an automation rule action to add a task to an incident", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/AddIncidentTaskActionProperties" + } + }, + "x-ms-discriminator-value": "AddIncidentTask", + "x-ms-client-flatten": true + }, + "AutomationRuleBooleanCondition": { + "type": "object", + "properties": { + "operator": { + "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" + }, + "innerConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "minItems": 2, + "maxItems": 10 + } + } + }, + "AutomationRuleBooleanConditionSupportedOperator": { + "enum": [ + "And", + "Or" + ], + "type": "string", + "example": "And", + "x-ms-enum": { + "name": "AutomationRuleBooleanConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "And", + "description": "Evaluates as true if all the item conditions are evaluated as true" + }, + { + "value": "Or", + "description": "Evaluates as true if at least one of the item conditions are evaluated as true" + } + ] + } + }, + "AutomationRuleCondition": { + "description": "Describes an automation rule condition.", + "required": [ + "conditionType" + ], + "type": "object", + "properties": { + "conditionType": { + "$ref": "#/definitions/ConditionType" + } + }, + "discriminator": "conditionType" + }, + "AutomationRuleModifyPropertiesAction": { + "description": "Describes an automation rule action to modify an object's properties", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "x-ms-discriminator-value": "ModifyProperties", + "x-ms-client-flatten": true + }, + "AutomationRuleProperties": { + "description": "Automation rule properties", + "required": [ + "actions", + "displayName", + "order", + "triggeringLogic" + ], + "type": "object", + "properties": { + "displayName": { + "description": "The display name of the automation rule.", + "type": "string", + "maxLength": 500 + }, + "order": { + "format": "int32", + "description": "The order of execution of the automation rule.", + "type": "integer", + "minimum": 1, + "maximum": 1000 + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic" + }, + "actions": { + "description": "The actions to execute when the automation rule is triggered.", + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "x-ms-identifiers": [], + "maxItems": 20 + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the automation rule was updated.", + "type": "string", + "readOnly": true + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the automation rule was created.", + "type": "string", + "readOnly": true + }, + "lastModifiedBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + }, + "createdBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + } + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { + "enum": [ + "Alerts", + "Labels", + "Tactics", + "Comments" + ], + "type": "string", + "example": "Alerts", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "value": "Alerts", + "description": "Evaluate the condition on the alerts" + }, + { + "value": "Labels", + "description": "Evaluate the condition on the labels" + }, + { + "value": "Tactics", + "description": "Evaluate the condition on the tactics" + }, + { + "value": "Comments", + "description": "Evaluate the condition on the comments" + } + ] + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { + "enum": [ + "Added" + ], + "type": "string", + "example": "Added", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "modelAsString": true, + "values": [ + { + "value": "Added", + "description": "Evaluate the condition on items added to the array" + } + ] + } + }, + "AutomationRulePropertyArrayChangedValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" + } + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { + "enum": [ + "AnyItem" + ], + "type": "string", + "example": "AnyItem", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "modelAsString": true, + "values": [ + { + "value": "AnyItem", + "description": "Evaluate the condition as true if any item fulfills it" + } + ] + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayType": { + "enum": [ + "CustomDetails", + "CustomDetailValues" + ], + "type": "string", + "example": "CustomDetails", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "value": "CustomDetails", + "description": "Evaluate the condition on the custom detail keys" + }, + { + "value": "CustomDetailValues", + "description": "Evaluate the condition on a custom detail's values" + } + ] + } + }, + "AutomationRulePropertyArrayValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" + }, + "arrayConditionType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" + }, + "itemConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "maxItems": 10 + } + } + }, + "AutomationRulePropertyChangedConditionSupportedChangedType": { + "enum": [ + "ChangedFrom", + "ChangedTo" + ], + "type": "string", + "example": "ChangedFrom", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedChangedType", + "modelAsString": true, + "values": [ + { + "value": "ChangedFrom", + "description": "Evaluate the condition on the previous value of the property" + }, + { + "value": "ChangedTo", + "description": "Evaluate the condition on the updated value of the property" + } + ] + } + }, + "AutomationRulePropertyChangedConditionSupportedPropertyType": { + "enum": [ + "IncidentSeverity", + "IncidentStatus", + "IncidentOwner" + ], + "type": "string", + "example": "IncidentSeverity", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", + "modelAsString": true, + "values": [ + { + "value": "IncidentSeverity", + "description": "Evaluate the condition on the incident severity" + }, + { + "value": "IncidentStatus", + "description": "Evaluate the condition on the incident status" + }, + { + "value": "IncidentOwner", + "description": "Evaluate the condition on the incident owner" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedOperator": { + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "type": "string", + "example": "Equals", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" + }, + { + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" + }, + { + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" + }, + { + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" + }, + { + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" + }, + { + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" + }, + { + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" + }, + { + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedProperty": { + "description": "The property to evaluate in an automation rule property condition.", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", + "IncidentProviderName", + "IncidentUpdatedBySource", + "IncidentCustomDetailsKey", + "IncidentCustomDetailsValue", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AlertProductNames", + "AlertAnalyticRuleIds", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + "IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "type": "string", + "example": "IncidentTitle", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, + "values": [ + { + "value": "IncidentTitle", + "description": "The title of the incident" + }, + { + "value": "IncidentDescription", + "description": "The description of the incident" + }, + { + "value": "IncidentSeverity", + "description": "The severity of the incident" + }, + { + "value": "IncidentStatus", + "description": "The status of the incident" + }, + { + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" + }, + { + "value": "IncidentTactics", + "description": "The tactics of the incident" + }, + { + "value": "IncidentLabel", + "description": "The labels of the incident" + }, + { + "value": "IncidentProviderName", + "description": "The provider name of the incident" + }, + { + "value": "IncidentUpdatedBySource", + "description": "The update source of the incident" + }, + { + "value": "IncidentCustomDetailsKey", + "description": "The incident custom detail key" + }, + { + "value": "IncidentCustomDetailsValue", + "description": "The incident custom detail value" + }, + { + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" + }, + { + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" + }, + { + "value": "AccountName", + "description": "The account name" + }, + { + "value": "AccountNTDomain", + "description": "The account NetBIOS domain name" + }, + { + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" + }, + { + "value": "AccountSid", + "description": "The account security identifier" + }, + { + "value": "AccountObjectGuid", + "description": "The account unique identifier" + }, + { + "value": "AccountUPNSuffix", + "description": "The account user principal name suffix" + }, + { + "value": "AlertProductNames", + "description": "The name of the product of the alert" + }, + { + "value": "AlertAnalyticRuleIds", + "description": "The analytic rule ids of the alert" + }, + { + "value": "AzureResourceResourceId", + "description": "The Azure resource id" + }, + { + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" + }, + { + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" + }, + { + "value": "CloudApplicationAppName", + "description": "The cloud application name" + }, + { + "value": "DNSDomainName", + "description": "The dns record domain name" + }, + { + "value": "FileDirectory", + "description": "The file directory full path" + }, + { + "value": "FileName", + "description": "The file name without path" + }, + { + "value": "FileHashValue", + "description": "The file hash value" + }, + { + "value": "HostAzureID", + "description": "The host Azure resource id" + }, + { + "value": "HostName", + "description": "The host name without domain" + }, + { + "value": "HostNetBiosName", + "description": "The host NetBIOS name" + }, + { + "value": "HostNTDomain", + "description": "The host NT domain" + }, + { + "value": "HostOSVersion", + "description": "The host operating system" + }, + { + "value": "IoTDeviceId", + "description": "\"The IoT device id" + }, + { + "value": "IoTDeviceName", + "description": "The IoT device name" + }, + { + "value": "IoTDeviceType", + "description": "The IoT device type" + }, + { + "value": "IoTDeviceVendor", + "description": "The IoT device vendor" + }, + { + "value": "IoTDeviceModel", + "description": "The IoT device model" + }, + { + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" + }, + { + "value": "IPAddress", + "description": "The IP address" + }, + { + "value": "MailboxDisplayName", + "description": "The mailbox display name" + }, + { + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" + }, + { + "value": "MailboxUPN", + "description": "The mailbox user principal name" + }, + { + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" + }, + { + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" + }, + { + "value": "MailMessageRecipient", + "description": "The mail message recipient" + }, + { + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" + }, + { + "value": "MailMessageSubject", + "description": "The mail message subject" + }, + { + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" + }, + { + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" + }, + { + "value": "MalwareCategory", + "description": "The malware category" + }, + { + "value": "MalwareName", + "description": "The malware name" + }, + { + "value": "ProcessCommandLine", + "description": "The process execution command line" + }, + { + "value": "ProcessId", + "description": "The process id" + }, + { + "value": "RegistryKey", + "description": "The registry key path" + }, + { + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" + }, + { + "value": "Url", + "description": "The url" + } + ] + } + }, + "AutomationRulePropertyValuesChangedCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRulePropertyValuesCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "description": "Describes an automation rule action to run a playbook", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/PlaybookActionProperties" + } + }, + "x-ms-discriminator-value": "RunPlaybook", + "x-ms-client-flatten": true + }, + "AutomationRulesList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "AutomationRuleTriggeringLogic": { + "description": "Describes automation rule triggering logic.", + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], + "type": "object", + "properties": { + "isEnabled": { + "description": "Determines whether the automation rule is enabled or disabled.", + "type": "boolean" + }, + "expirationTimeUtc": { + "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled.", + "type": "string" + }, + "triggersOn": { + "$ref": "#/definitions/triggersOn" + }, + "triggersWhen": { + "$ref": "#/definitions/triggersWhen" + }, + "conditions": { + "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.", + "type": "array", + "maxItems": 50, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [ + "conditionType" + ] + } + } + }, + "BooleanConditionProperties": { + "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleBooleanCondition" + } + }, + "x-ms-discriminator-value": "Boolean", + "x-ms-client-flatten": true + }, + "ConditionType": { + "enum": [ + "Property", + "PropertyArray", + "PropertyChanged", + "PropertyArrayChanged", + "Boolean" + ], + "type": "string", + "example": "Property", + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "value": "Property", + "description": "Evaluate an object property value" + }, + { + "value": "PropertyArray", + "description": "Evaluate an object array property value" + }, + { + "value": "PropertyChanged", + "description": "Evaluate an object property changed value" + }, + { + "value": "PropertyArrayChanged", + "description": "Evaluate an object array property changed value" + }, + { + "value": "Boolean", + "description": "Apply a boolean operator (e.g AND, OR) to conditions" + } + ] + } + }, + "EntityManualTriggerRequestBody": { + "type": "object", + "description": "Describes the request body for triggering a playbook on an entity.", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "incidentArmId": { + "type": "string", + "description": "Incident ARM id." + }, + "tenantId": { + "format": "uuid", + "type": "string", + "description": "The tenant id of the playbook resource." + }, + "logicAppsResourceId": { + "type": "string", + "description": "The resource id of the playbook resource." + } + } + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" + }, + "status": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" + }, + "classification": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" + }, + "classificationReason": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed.", + "type": "string" + }, + "owner": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" + }, + "labels": { + "description": "List of labels to add to the incident.", + "type": "array", + "x-ms-identifiers": [ + "labelName" + ], + "items": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" + } + } + } + }, + "ManualTriggerRequestBody": { + "type": "object", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "tenantId": { + "format": "uuid", + "type": "string" + }, + "logicAppsResourceId": { + "type": "string" + } + } + }, + "PlaybookActionProperties": { + "type": "object", + "required": [ + "logicAppResourceId" + ], + "properties": { + "logicAppResourceId": { + "description": "The resource id of the playbook resource.", + "type": "string" + }, + "tenantId": { + "format": "uuid", + "description": "The tenant id of the playbook resource.", + "type": "string" + } + } + }, + "PropertyArrayChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArrayChanged", + "x-ms-client-flatten": true + }, + "PropertyArrayConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArray", + "x-ms-client-flatten": true + }, + "PropertyChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" + } + }, + "x-ms-discriminator-value": "PropertyChanged", + "x-ms-client-flatten": true + }, + "PropertyConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "x-ms-discriminator-value": "Property", + "x-ms-client-flatten": true + }, + "triggersOn": { + "enum": [ + "Incidents", + "Alerts" + ], + "type": "string", + "example": "Incidents", + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "triggersWhen": { + "enum": [ + "Created", + "Updated" + ], + "type": "string", + "example": "Created", + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "value": "Created", + "description": "Trigger on created objects" + }, + { + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + } + }, + "parameters": { + "AutomationRule": { + "name": "automationRule", + "description": "The automation rule", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "AutomationRuleId": { + "in": "path", + "name": "automationRuleId", + "description": "Automation rule ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json new file mode 100644 index 000000000000..5a8b33780072 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json @@ -0,0 +1,226 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics": { + "get": { + "x-ms-examples": { + "Get all Microsoft Sentinel billing statistics.": { + "$ref": "./examples/billingStatistics/GetAllBillingStatistics.json" + } + }, + "tags": [ + "billingStatistics" + ], + "description": "Gets all Microsoft Sentinel billing statistics.", + "operationId": "BillingStatistics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BillingStatisticList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}": { + "get": { + "x-ms-examples": { + "Get a billing statistic.": { + "$ref": "./examples/billingStatistics/GetBillingStatistic.json" + } + }, + "tags": [ + "billingStatistics" + ], + "description": "Gets a billing statistic", + "operationId": "BillingStatistics_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BillingStatisticName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BillingStatistic" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "BillingStatisticList": { + "description": "List of all Microsoft Sentinel billing statistics.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of billing statistics.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of billing statistics.", + "items": { + "$ref": "#/definitions/BillingStatistic" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "BillingStatistic": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "Billing statistic", + "properties": { + "kind": { + "$ref": "#/definitions/BillingStatisticKindEnum", + "description": "The kind of the billing statistic" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "BillingStatisticKindEnum": { + "description": "The kind of the billing statistic", + "enum": [ + "SapSolutionUsage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "BillingStatisticKind", + "values": [ + { + "value": "SapSolutionUsage" + } + ] + } + }, + "SapSolutionUsageStatistic": { + "allOf": [ + { + "$ref": "#/definitions/BillingStatistic" + } + ], + "description": "Billing statistic about the Microsoft Sentinel solution for SAP Usage", + "properties": { + "properties": { + "$ref": "#/definitions/SapSolutionUsageStatisticProperties", + "description": "The SAP solution usage object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SapSolutionUsage" + }, + "SapSolutionUsageStatisticProperties": { + "description": "Properties of the billing statistic about the Microsoft Sentinel solution for SAP usage", + "properties": { + "activeSystemIdCount": { + "description": "The latest count of active SAP system IDs under the Microsoft Sentinel solution for SAP Usage", + "type": "integer", + "format": "int64", + "readOnly": true + } + }, + "type": "object" + } + }, + "parameters": { + "BillingStatisticName": { + "description": "The name of the billing statistic", + "in": "path", + "name": "billingStatisticName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json new file mode 100644 index 000000000000..65437ece6726 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json @@ -0,0 +1,751 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations": { + "get": { + "x-ms-examples": { + "Get all bookmark relations.": { + "$ref": "./examples/bookmarks/relations/GetAllBookmarkRelations.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets all bookmark relations.", + "operationId": "BookmarkRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand": { + "post": { + "x-ms-examples": { + "Expand an bookmark": { + "$ref": "./examples/bookmarks/expand/PostExpandBookmark.json" + } + }, + "description": "Expand an bookmark", + "operationId": "Bookmark_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/BookmarkExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "tags": [ + "Bookmark" + ] + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/GetBookmarkRelationByName.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets a bookmark relation.", + "operationId": "BookmarkRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/CreateBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Creates the bookmark relation.", + "operationId": "BookmarkRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the bookmark relation.": { + "$ref": "./examples/bookmarks/relations/DeleteBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Delete the bookmark relation.", + "operationId": "BookmarkRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Bookmark": { + "description": "The bookmark", + "in": "body", + "name": "bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/BookmarkExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkId": { + "description": "Bookmark ID", + "in": "path", + "name": "bookmarkId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkExpandParameters": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "BookmarkExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array" + }, + "edges": { + "description": "Array of expansion result connected entities", + "items": { + "$ref": "#/definitions/ConnectedEntity" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of bookmarks.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappingsList", + "description": "Describes the entity mappings of the bookmark", + "type": "object" + }, + "tactics": { + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "description": "A list of relevant mitre attacks", + "type": "array" + }, + "techniques": { + "items": { + "$ref": "#/definitions/AttackTechnique" + }, + "description": "A list of relevant mitre techniques", + "type": "array" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "ConnectedEntity": { + "description": "Expansion result connected entities", + "properties": { + "targetEntityId": { + "description": "Entity Id of the connected entity", + "type": "string" + }, + "additionalData": { + "description": "key-value pairs for a connected entity mapping", + "type": "object" + } + }, + "type": "object" + }, + "EntityMappingsList": { + "description": "Describes the entity mappings of the bookmark", + "items": { + "$ref": "#/definitions/BookmarkEntityMappings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "BookmarkEntityMappings": { + "description": "Describes the entity mappings of a single entity", + "properties": { + "entityType": { + "description": "The entity type", + "type": "string" + }, + "fieldMappings": { + "description": "Array of fields mapping for that entity type", + "items": { + "$ref": "#/definitions/EntityFieldMapping" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "EntityFieldMapping": { + "description": "Map identifiers of a single entity", + "properties": { + "identifier": { + "description": "Alert V3 identifier", + "type": "string" + }, + "value": { + "description": "The value of the identifier", + "type": "string" + } + }, + "type": "object" + }, + "AttackTechnique": { + "description": "Mitre technique (https://attack.mitre.org/matrices/enterprise/)", + "type": "string" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json new file mode 100644 index 000000000000..1338ba30ed12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json @@ -0,0 +1,310 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetPackages.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets all installed packages.", + "operationId": "ContentPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get installed packages by id.": { + "$ref": "./examples/contentPackages/GetPackageById.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets an installed packages by its id.", + "operationId": "ContentPackages_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Install a package to the workspace.": { + "$ref": "./examples/contentPackages/InstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Install a package to the workspace.", + "operationId": "ContentPackage_Install", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + }, + { + "$ref": "#/parameters/PackageInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a package is updated.", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Uninstall a package from the workspace.": { + "$ref": "./examples/contentPackages/UninstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Uninstall a package from the workspace.", + "operationId": "ContentPackage_Uninstall", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "packageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of packages.", + "items": { + "$ref": "#/definitions/packageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "packageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/packageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "packageProperties": { + "description": "Describes package properties", + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties" + } + ], + "required": [ + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "PackageInstallationProperties": { + "description": "Package installation properties", + "in": "body", + "name": "packageInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/packageModel" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json new file mode 100644 index 000000000000..8fcfc2ecd4f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json @@ -0,0 +1,231 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetProductPackages.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets all packages from the catalog.", + "operationId": "ProductPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productPackageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get a package.": { + "$ref": "./examples/contentPackages/GetProductPackageById.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets a package by its identifier from the catalog.", + "operationId": "ProductPackage_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productPackageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "productPackageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of packages.", + "items": { + "$ref": "#/definitions/productPackageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "productPackageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/productPackageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "productPackageProperties": { + "description": "Describes package properties", + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties", + "description": "The content id of the package" + }, + { + "$ref": "#/definitions/productPackageAdditionalProperties", + "description": "The package kind" + } + ], + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + }, + "productPackageAdditionalProperties": { + "description": "product package additional properties", + "properties": { + "installedVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "The version of the installed package, null or absent means not installed." + }, + "resourceId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "The metadata resource id." + }, + "packagedContent": { + "$ref": "#/definitions/packagedContent", + "description": "the json to deploy" + } + }, + "type": "object" + }, + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json new file mode 100644 index 000000000000..03b04dee41e3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json @@ -0,0 +1,217 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetProductTemplates.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets all templates in the catalog.", + "operationId": "ProductTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productTemplateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetProductTemplateById.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets a template by its identifier.", + "operationId": "ProductTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "productTemplateList": { + "description": "List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/productTemplateModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "productTemplateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/productTemplateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "productTemplateProperties": { + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" + }, + { + "$ref": "#/definitions/productTemplateAdditionalProperties" + } + ], + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source" + ] + }, + "productTemplateAdditionalProperties": { + "description": "additional properties of product template.", + "type": "object", + "properties": { + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + } + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json new file mode 100644 index 000000000000..25b755bb3b2e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json @@ -0,0 +1,330 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetTemplates.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets all installed templates.", + "operationId": "ContentTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { + "put": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/InstallTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Install a template.", + "operationId": "ContentTemplate_Install", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + }, + { + "$ref": "#/parameters/templateInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a template is updated.", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetTemplateById.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets a template byt its identifier.", + "operationId": "ContentTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/contentTemplates/DeleteTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Delete an installed template.", + "operationId": "ContentTemplate_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "templateList": { + "description": "List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/templateModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/templateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "templateProperties": { + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" + }, + { + "$ref": "#/definitions/templateAdditionalProperties" + } + ], + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source", + "packageId", + "packageVersion", + "contentProductId" + ], + "type": "object" + }, + "templateAdditionalProperties": { + "description": "additional properties of product template.", + "type": "object", + "properties": { + "mainTemplate": { + "$ref": "#/definitions/mainTemplate", + "description": "The JSON of the ARM template to deploy active content" + } + } + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content", + "type": "object" + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "templateInstallationProperties": { + "description": "Template installation properties", + "in": "body", + "name": "templateInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/templateModel" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json new file mode 100644 index 000000000000..884ec500cb6d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json @@ -0,0 +1,381 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": { + "get": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "IPGeodata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentIpAddress" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": { + "get": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "DomainWhois_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentDomain" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EnrichmentIpAddress": { + "description": "IP address (v4 or v6) to be enriched", + "in": "query", + "name": "ipAddress", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EnrichmentDomain": { + "description": "Domain name to be enriched", + "in": "query", + "name": "domain", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "EnrichmentDomainWhois": { + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The hostname of this registrar's whois server", + "type": "string" + }, + "created": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's URL", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "The organization for this contact", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "The city for this contact", + "type": "string" + }, + "state": { + "description": "The state for this contact", + "type": "string" + }, + "postal": { + "description": "The postal code for this contact", + "type": "string" + }, + "country": { + "description": "The country for this contact", + "type": "string" + }, + "phone": { + "description": "The phone number for this contact", + "type": "string" + }, + "fax": { + "description": "The fax number for this contact", + "type": "string" + }, + "email": { + "description": "The email address for this contact", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "description": "The autonomous system number associated with this IP address", + "type": "string" + }, + "carrier": { + "description": "The name of the carrier for this IP address", + "type": "string" + }, + "city": { + "description": "The city this IP address is located in", + "type": "string" + }, + "cityCf": { + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "continent": { + "description": "The continent this IP address is located on", + "type": "string" + }, + "country": { + "description": "The county this IP address is located in", + "type": "string" + }, + "countryCf": { + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + }, + "ipRoutingType": { + "description": "A description of the connection type of this IP address", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP address", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP address", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP address", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP address", + "type": "string" + }, + "region": { + "description": "The geographic region this IP address is located in", + "type": "string" + }, + "state": { + "description": "The state this IP address is located in", + "type": "string" + }, + "stateCf": { + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "stateCode": { + "description": "The abbreviated name for the state this IP address is located in", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json new file mode 100644 index 000000000000..66d96f6bff0a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json @@ -0,0 +1,1556 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities": { + "get": { + "x-ms-examples": { + "Get all entities.": { + "$ref": "./examples/entities/GetEntities.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets all entities.", + "operationId": "Entities_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}": { + "get": { + "x-ms-examples": { + "Get an account entity.": { + "$ref": "./examples/entities/GetAccountEntityById.json" + }, + "Get a host entity.": { + "$ref": "./examples/entities/GetHostEntityById.json" + }, + "Get a file entity.": { + "$ref": "./examples/entities/GetFileEntityById.json" + }, + "Get a security alert entity.": { + "$ref": "./examples/entities/GetSecurityAlertEntityById.json" + }, + "Get a file hash entity.": { + "$ref": "./examples/entities/GetFileHashEntityById.json" + }, + "Get a malware entity.": { + "$ref": "./examples/entities/GetMalwareEntityById.json" + }, + "Get a security group entity.": { + "$ref": "./examples/entities/GetSecurityGroupEntityById.json" + }, + "Get an azure resource entity.": { + "$ref": "./examples/entities/GetAzureResourceEntityById.json" + }, + "Get a cloud application entity.": { + "$ref": "./examples/entities/GetCloudApplicationEntityById.json" + }, + "Get a process entity.": { + "$ref": "./examples/entities/GetProcessEntityById.json" + }, + "Get a dns entity.": { + "$ref": "./examples/entities/GetDnsEntityById.json" + }, + "Get an ip entity.": { + "$ref": "./examples/entities/GetIpEntityById.json" + }, + "Get a registry key entity.": { + "$ref": "./examples/entities/GetRegistryKeyEntityById.json" + }, + "Get a registry value entity.": { + "$ref": "./examples/entities/GetRegistryValueEntityById.json" + }, + "Get a url entity.": { + "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" + }, + "Get a mailCluster entity.": { + "$ref": "./examples/entities/GetMailClusterEntityById.json" + }, + "Get a mailbox entity.": { + "$ref": "./examples/entities/GetMailboxEntityById.json" + }, + "Get a mailMessage entity.": { + "$ref": "./examples/entities/GetMailMessageEntityById.json" + }, + "Get a submissionMail entity.": { + "$ref": "./examples/entities/GetSubmissionMailEntityById.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets an entity.", + "operationId": "Entities_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand": { + "post": { + "x-ms-examples": { + "Expand an entity": { + "$ref": "./examples/entities/expand/PostExpandEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Expands an entity.", + "operationId": "Entities_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline": { + "post": { + "x-ms-examples": { + "Entity timeline": { + "$ref": "./examples/entities/timeline/PostTimelineEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Timeline for an entity.", + "operationId": "EntitiesGetTimeline_list", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityTimelineRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityTimelineResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries": { + "get": { + "x-ms-examples": { + "Get Entity Query": { + "$ref": "./examples/entities/GetQueries.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Get Insights and Activities for an entity.", + "operationId": "Entities_Queries", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityQueryKindParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GetQueriesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights": { + "post": { + "x-ms-examples": { + "Entity Insight": { + "$ref": "./examples/entities/insights/PostGetInsights.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Execute Insights for an entity.", + "operationId": "Entities_GetInsights", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/GetInsightsEntityQueriesRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityGetInsightsResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations": { + "get": { + "x-ms-examples": { + "Get all relations of an entity.": { + "$ref": "./examples/entities/relations/GetAllEntityRelations.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets all relations of an entity.", + "operationId": "EntitiesRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an entity relation.": { + "$ref": "./examples/entities/relations/GetEntityRelationByName.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets an entity relation.", + "operationId": "EntityRelations_GetRelation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EntityExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityId": { + "description": "entity ID", + "in": "path", + "name": "entityId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityTimelineRequestBody": { + "description": "The parameters required to execute an timeline operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityTimelineParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityQueryKindParam": { + "description": "The Kind parameter for queries", + "in": "query", + "name": "kind", + "required": true, + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "EntityItemQueryKind", + "values": [ + { + "description": "insight", + "value": "Insight" + } + ] + }, + "x-ms-parameter-location": "method" + }, + "GetInsightsEntityQueriesRequestBody": { + "description": "The parameters required to execute insights on the given entity.", + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/EntityGetInsightsParameters" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ActivityTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents Activity timeline item.", + "properties": { + "queryId": { + "type": "string", + "description": "The activity query id." + }, + "bucketStartTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket start time." + }, + "bucketEndTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket end time." + }, + "firstActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the first activity in the grouping bucket." + }, + "lastActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the last activity in the grouping bucket." + }, + "content": { + "type": "string", + "description": "The activity timeline content." + }, + "title": { + "type": "string", + "description": "The activity timeline title." + } + }, + "required": [ + "queryId", + "bucketStartTimeUTC", + "bucketEndTimeUTC", + "firstActivityTimeUTC", + "lastActivityTimeUTC", + "content", + "title" + ], + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "BookmarkTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents bookmark timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The bookmark azure resource id." + }, + "displayName": { + "type": "string", + "description": "The bookmark display name." + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark start time." + }, + "eventTime": { + "format": "date-time", + "type": "string", + "description": "The bookmark event time." + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "azureResourceId" + ], + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "AnomalyTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents anomaly timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The anomaly azure resource id." + }, + "productName": { + "type": "string", + "description": "The anomaly product name." + }, + "description": { + "type": "string", + "description": "The anomaly description." + }, + "displayName": { + "type": "string", + "description": "The anomaly name." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The anomaly end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The anomaly start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The anomaly generated time." + }, + "vendor": { + "type": "string", + "description": "The name of the anomaly vendor." + }, + "intent": { + "type": "string", + "description": "The intent of the anomaly." + }, + "techniques": { + "type": "array", + "items": { + "type": "string", + "description": "technique of the anomaly" + }, + "description": "The techniques of the anomaly." + }, + "reasons": { + "type": "array", + "items": { + "type": "string", + "description": "Reason of the anomaly" + }, + "description": "The reasons that cause the anomaly." + } + }, + "required": [ + "azureResourceId", + "displayName", + "endTimeUtc", + "startTimeUtc", + "timeGenerated" + ], + "type": "object", + "x-ms-discriminator-value": "Anomaly" + }, + "EntityGetInsightsParameters": { + "description": "The parameters required to execute insights operation on the given entity.", + "type": "object", + "properties": { + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "addDefaultExtendedTimeRange": { + "description": "Indicates if query time range should be extended with default time range of the query. Default value is false", + "type": "boolean" + }, + "insightQueryIds": { + "description": "List of Insights Query Id. If empty, default value is all insights of this entity", + "type": "array", + "items": { + "description": "Insight Query Id (GUID)", + "format": "uuid", + "type": "string" + } + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityGetInsightsResponse": { + "description": "The Get Insights result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/GetInsightsResultsMetadata", + "description": "The metadata from the get insights operation results." + }, + "value": { + "description": "The insights result values.", + "items": { + "$ref": "#/definitions/EntityInsightItem" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "EntityEdges": { + "description": "The edge that connects the entity to the other entity.", + "properties": { + "targetEntityId": { + "description": "The target entity Id.", + "type": "string" + }, + "additionalData": { + "additionalProperties": true, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "type": "object" + } + }, + "type": "object" + }, + "EntityExpandParameters": { + "description": "The parameters required to execute an expand operation on the given entity.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "EntityExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "edges": { + "description": "Array of edges that connects the entity to the list of entities.", + "items": { + "$ref": "#/definitions/EntityEdges" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "EntityInsightItem": { + "description": "Entity insight Item.", + "type": "object", + "properties": { + "queryId": { + "type": "string", + "description": "The query id of the insight" + }, + "queryTimeInterval": { + "type": "object", + "description": "The Time interval that the query actually executed on.", + "properties": { + "startTime": { + "format": "date-time", + "type": "string", + "description": "Insight query start time" + }, + "endTime": { + "format": "date-time", + "type": "string", + "description": "Insight query end time" + } + } + }, + "tableQueryResults": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "chartQueryResults": { + "type": "array", + "description": "Query results for table insights query.", + "items": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "x-ms-identifiers": [] + } + } + }, + "EntityList": { + "description": "List of all the entities.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entities.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "EntityTimelineItem": { + "description": "Entity timeline Item.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "The entity query kind type." + } + }, + "required": [ + "kind" + ] + }, + "EntityTimelineResponse": { + "description": "The entity timeline result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/TimelineResultsMetadata", + "description": "The metadata from the timeline operation results." + }, + "value": { + "description": "The timeline result values.", + "items": { + "$ref": "#/definitions/EntityTimelineItem" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "EntityTimelineKind": { + "description": "The entity query kind", + "enum": [ + "Activity", + "Bookmark", + "SecurityAlert", + "Anomaly" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityTimelineKind", + "values": [ + { + "description": "activity", + "value": "Activity" + }, + { + "description": "bookmarks", + "value": "Bookmark" + }, + { + "description": "security alerts", + "value": "SecurityAlert" + }, + { + "description": "anomaly", + "value": "Anomaly" + } + ] + } + }, + "EntityTimelineParameters": { + "description": "The parameters required to execute s timeline operation on the given entity.", + "properties": { + "kinds": { + "description": "Array of timeline Item kinds.", + "items": { + "$ref": "#/definitions/EntityTimelineKind" + }, + "type": "array" + }, + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "numberOfBucket": { + "description": "The number of bucket for timeline queries aggregation.", + "type": "integer", + "format": "int32" + } + }, + "type": "object", + "required": [ + "startTime", + "endTime" + ] + }, + "EntityQueryItem": { + "description": "An abstract Query item for entity", + "type": "object", + "discriminator": "kind", + "properties": { + "id": { + "description": "Query Template ARM ID", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Query Template ARM Name", + "type": "string" + }, + "type": { + "description": "ARM Type", + "type": "string" + }, + "kind": { + "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind", + "description": "The kind of the entity query" + } + }, + "required": [ + "kind" + ] + }, + "EntityQueryItemProperties": { + "description": "An properties abstract Query item for entity", + "type": "object", + "properties": { + "dataTypes": { + "description": "Data types for template", + "type": "array", + "items": { + "properties": { + "dataType": { + "description": "Data type name", + "type": "string" + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "inputEntityType": { + "description": "The type of the entity", + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType" + }, + "requiredInputFieldsSets": { + "description": "Data types for template", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object" + } + } + }, + "InsightsTableResult": { + "type": "object", + "description": "Query results for table insights query.", + "properties": { + "columns": { + "type": "array", + "description": "Columns Metadata of the table", + "items": { + "properties": { + "type": { + "type": "string", + "description": "the type of the colum" + }, + "name": { + "type": "string", + "description": "the name of the colum" + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "rows": { + "type": "array", + "description": "Rows data of the table", + "items": { + "type": "array", + "description": "Single row of data", + "items": { + "type": "string", + "description": "Cell in the table" + } + } + } + } + }, + "InsightQueryItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItem" + } + ], + "description": "Represents Insight Query.", + "properties": { + "properties": { + "description": "Properties bag for InsightQueryItem", + "$ref": "#/definitions/InsightQueryItemProperties" + } + }, + "type": "object", + "x-ms-discriminator-value": "Insight" + }, + "InsightQueryItemProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItemProperties" + } + ], + "description": "Represents Insight Query.", + "properties": { + "displayName": { + "type": "string", + "description": "The insight display name." + }, + "description": { + "type": "string", + "description": "The insight description." + }, + "baseQuery": { + "type": "string", + "description": "The base query of the insight." + }, + "tableQuery": { + "type": "object", + "description": "The insight table query.", + "properties": { + "columnsDefinitions": { + "type": "array", + "description": "List of insight column definitions.", + "items": { + "properties": { + "header": { + "type": "string", + "description": "Insight column header." + }, + "outputType": { + "type": "string", + "description": "Insights Column type.", + "enum": [ + "Number", + "String", + "Date", + "Entity" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "outputType" + } + }, + "supportDeepLink": { + "type": "boolean", + "description": "Is query supports deep-link." + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "queriesDefinitions": { + "type": "array", + "description": "List of insight queries definitions.", + "x-ms-identifiers": [], + "items": { + "properties": { + "filter": { + "type": "string", + "description": "Insight column header." + }, + "summarize": { + "type": "string", + "description": "Insight column header." + }, + "project": { + "type": "string", + "description": "Insight column header." + }, + "linkColumnsDefinitions": { + "type": "array", + "description": "Insight column header.", + "x-ms-identifiers": [], + "items": { + "properties": { + "projectedName": { + "type": "string", + "description": "Insight Link Definition Projected Name." + }, + "Query": { + "type": "string", + "description": "Insight Link Definition Query." + } + }, + "type": "object" + } + } + }, + "type": "object" + } + } + } + }, + "chartQuery": { + "type": "object", + "description": "The insight chart query." + }, + "additionalQuery": { + "type": "object", + "description": "The activity query definitions.", + "properties": { + "query": { + "type": "string", + "description": "The insight query." + }, + "text": { + "type": "string", + "description": "The insight text." + } + } + }, + "defaultTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "The padding for the start time of the query." + }, + "afterRange": { + "type": "string", + "description": "The padding for the end time of the query." + } + } + }, + "referenceTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "Additional query time for looking back." + } + } + } + }, + "type": "object" + }, + "GetInsightsResultsMetadata": { + "description": "Get Insights result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the insights request", + "type": "integer", + "format": "int32" + }, + "errors": { + "description": "information about the failed queries", + "items": { + "$ref": "#/definitions/GetInsightsErrorKind" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount" + ], + "type": "object" + }, + "GetInsightsErrorKind": { + "description": "GetInsights Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "GetInsightsError", + "values": [ + { + "value": "Insight" + } + ] + } + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "GetQueriesResponse": { + "description": "Retrieve queries for entity result operation response.", + "properties": { + "value": { + "description": "The query result values.", + "items": { + "$ref": "#/definitions/EntityQueryItem" + }, + "type": "array" + } + }, + "type": "object" + }, + "SecurityAlertTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents security alert timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The alert azure resource id." + }, + "productName": { + "type": "string", + "description": "The alert product name." + }, + "description": { + "type": "string", + "description": "The alert description." + }, + "displayName": { + "type": "string", + "description": "The alert name." + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The alert severity." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The alert generated time." + }, + "alertType": { + "type": "string", + "description": "The name of the alert type." + }, + "intent": { + "type": "string", + "description": "The intent of the alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "techniques": { + "type": "array", + "items": { + "type": "string", + "description": "technique of the alert" + }, + "description": "The techniques of the alert." + } + }, + "required": [ + "azureResourceId", + "displayName", + "severity", + "endTimeUtc", + "startTimeUtc", + "timeGenerated", + "alertType" + ], + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "TimelineError": { + "description": "Timeline Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "TimelineResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the timeline request", + "type": "integer", + "format": "int32" + }, + "aggregations": { + "description": "timeline aggregation per kind", + "items": { + "$ref": "#/definitions/TimelineAggregation" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "errors": { + "description": "information about the failure queries", + "items": { + "$ref": "#/definitions/TimelineError" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount", + "aggregations" + ], + "type": "object" + }, + "TimelineAggregation": { + "description": "timeline aggregation information per kind", + "properties": { + "count": { + "description": "the total items found for a kind", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + } + }, + "required": [ + "kind", + "count" + ], + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json new file mode 100644 index 000000000000..0af3d5760fc8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json @@ -0,0 +1,507 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "operationId": "EntityQueries_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "x-ms-examples": { + "Get an Expansion entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + }, + "Get an Activity entity query.": { + "$ref": "./examples/entityQueries/GetActivityEntityQueryById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueries_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Activity entity query.": { + "$ref": "./examples/entityQueries/CreateEntityQueryActivity.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Creates or updates the entity query.", + "operationId": "EntityQueries_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + }, + { + "$ref": "#/parameters/CustomEntityQuery" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an entity query.": { + "$ref": "./examples/entityQueries/DeleteEntityQuery.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Delete the entity query.", + "operationId": "EntityQueries_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CustomEntityQueryKind": { + "description": "The kind of the entity query that supports put request.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CustomEntityQueryKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryList": { + "description": "List of all the entity queries.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity queries.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity queries.", + "items": { + "$ref": "#/definitions/EntityQuery" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "CustomEntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query that supports put requests.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/CustomEntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ExpansionEntityQuery": { + "description": "Represents Expansion entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Expansion" + }, + "ExpansionEntityQueriesProperties": { + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "description": "List of the data sources that are required to run the query", + "items": { + "description": "data source", + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The query display name", + "type": "string" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "input field", + "type": "string" + }, + "type": "array" + }, + "outputEntityTypes": { + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "output entity type" + }, + "type": "array" + }, + "queryTemplate": { + "description": "The template query string to be parsed and formatted", + "type": "string" + } + }, + "type": "object" + }, + "ActivityEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityCustomEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/CustomEntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueriesProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + } + }, + "type": "object" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + }, + "templateName": { + "description": "The template id this activity was created from", + "type": "string" + }, + "enabled": { + "description": "Determines whether this activity is enabled or disabled.", + "type": "boolean" + }, + "createdTimeUtc": { + "description": "The time the activity was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the activity was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryKind": { + "description": "The entity query kind we want to fetch", + "in": "query", + "name": "kind", + "required": false, + "enum": [ + "Expansion", + "Activity" + ], + "type": "string", + "x-ms-parameter-location": "method" + }, + "CustomEntityQuery": { + "description": "The entity query we want to create or update", + "in": "body", + "name": "entityQuery", + "required": true, + "schema": { + "$ref": "#/definitions/CustomEntityQuery" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json new file mode 100644 index 000000000000..2f9e51947faa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json @@ -0,0 +1,304 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates": { + "get": { + "x-ms-examples": { + "Get all entity query templates.": { + "$ref": "./examples/entityQueryTemplates/GetEntityQueryTemplates.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity query templates.", + "operationId": "EntityQueryTemplates_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryTemplateKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}": { + "get": { + "x-ms-examples": { + "Get an Activity entity query template.": { + "$ref": "./examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueryTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "EntityQueryTemplateKind": { + "description": "The kind of the entity query template.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryTemplateKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryTemplateList": { + "description": "List of all the entity query templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity query templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity query templates.", + "items": { + "$ref": "#/definitions/EntityQueryTemplate" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQueryTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Specific entity query template.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/EntityQueryTemplateKind", + "description": "the entity query template kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ActivityEntityQueryTemplate": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQueryTemplate" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueryTemplateProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueryTemplateProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + }, + "summarizeBy": { + "description": "The dimensions we want to summarize the timeline results on, this is comma separated list", + "type": "string" + } + }, + "type": "object" + }, + "dataTypes": { + "description": "List of required data types for the given entity query template", + "items": { + "$ref": "#/definitions/DataTypeDefinitions" + }, + "type": "array" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + } + }, + "type": "object" + }, + "DataTypeDefinitions": { + "description": "The data type definition", + "properties": { + "dataType": { + "description": "The data type name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryTemplateId": { + "description": "entity query template ID", + "in": "path", + "name": "entityQueryTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryTemplateKind": { + "description": "The entity template query kind we want to fetch", + "in": "query", + "name": "kind", + "required": false, + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json new file mode 100644 index 000000000000..2a970b073439 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json @@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports": { + "get": { + "x-ms-examples": { + "Get all file imports.": { + "$ref": "./examples/fileImports/GetFileImports.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets all file imports.", + "operationId": "FileImports_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImportList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}": { + "get": { + "x-ms-examples": { + "Get a file import.": { + "$ref": "./examples/fileImports/GetFileImportById.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets a file import.", + "operationId": "FileImports_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create a file import.": { + "$ref": "./examples/fileImports/CreateFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Creates the file import.", + "operationId": "FileImports_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + }, + { + "$ref": "#/parameters/FileImport" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a file import.": { + "$ref": "./examples/fileImports/DeleteFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Delete the file import.", + "operationId": "FileImports_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "FileMetadata": { + "description": "Represents a file.", + "properties": { + "fileFormat": { + "description": "The format of the file", + "enum": [ + "CSV", + "JSON", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "fileFormat", + "values": [ + { + "description": "A CSV file.", + "value": "CSV" + }, + { + "description": "A JSON file.", + "value": "JSON" + }, + { + "description": "A file of other format.", + "value": "Unspecified" + } + ] + } + }, + "fileName": { + "description": "The name of the file.", + "type": "string" + }, + "fileSize": { + "description": "The size of the file.", + "format": "int32", + "type": "integer" + }, + "fileContentUri": { + "description": "A URI with a valid SAS token to allow uploading / downloading the file.", + "type": "string", + "readOnly": true + }, + "deleteStatus": { + "description": "Indicates whether the file was deleted from the storage account.", + "enum": [ + "Deleted", + "NotDeleted", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeleteStatus", + "values": [ + { + "description": "The file was deleted.", + "value": "Deleted" + }, + { + "description": "The file was not deleted.", + "value": "NotDeleted" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + }, + "readOnly": true + } + }, + "type": "object" + }, + "FileImport": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Represents a file import in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/FileImportProperties", + "description": "File import properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "FileImportList": { + "description": "List all the file imports.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of file imports.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of file imports.", + "items": { + "$ref": "#/definitions/FileImport" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "FileImportProperties": { + "description": "Describes the FileImport's properties", + "properties": { + "ingestionMode": { + "description": "Describes how to ingest the records in the file.", + "enum": [ + "IngestOnlyIfAllAreValid", + "IngestAnyValidRecords", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IngestionMode", + "values": [ + { + "description": "No records should be ingested when invalid records are detected.", + "value": "IngestOnlyIfAllAreValid" + }, + { + "description": "Valid records should still be ingested when invalid records are detected.", + "value": "IngestAnyValidRecords" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + } + }, + "contentType": { + "description": "The content type of this file.", + "enum": [ + "BasicIndicator", + "StixIndicator", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportContentType", + "values": [ + { + "description": "File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern.", + "value": "BasicIndicator" + }, + { + "description": "File containing STIX indicators.", + "value": "StixIndicator" + }, + { + "description": "File containing other records.", + "value": "Unspecified" + } + ] + } + }, + "createdTimeUTC": { + "description": "The time the file was imported.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errorFile": { + "description": "Represents the error file (if the import was ingested with errors or failed the validation).", + "$ref": "#/definitions/FileMetadata", + "readOnly": true, + "type": "object" + }, + "errorsPreview": { + "description": "An ordered list of some of the errors that were encountered during validation.", + "items": { + "description": "An error that were encountered during validation.", + "$ref": "#/definitions/ValidationError" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "importFile": { + "description": "Represents the imported file.", + "$ref": "#/definitions/FileMetadata", + "type": "object" + }, + "ingestedRecordCount": { + "description": "The number of records that have been successfully ingested.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "source": { + "description": "The source for the data in the file.", + "type": "string" + }, + "state": { + "description": "The state of the file import.", + "enum": [ + "FatalError", + "Ingested", + "IngestedWithErrors", + "InProgress", + "Invalid", + "WaitingForUpload", + "Unspecified" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportState", + "values": [ + { + "description": "A fatal error has occurred while ingesting the file.", + "value": "FatalError" + }, + { + "description": "The file has been ingested.", + "value": "Ingested" + }, + { + "description": "The file has been ingested with errors.", + "value": "IngestedWithErrors" + }, + { + "description": "The file ingestion is in progress.", + "value": "InProgress" + }, + { + "description": "The file is invalid.", + "value": "Invalid" + }, + { + "description": "Waiting for the file to be uploaded.", + "value": "WaitingForUpload" + }, + { + "description": "Unspecified state.", + "value": "Unspecified" + } + ] + } + }, + "totalRecordCount": { + "description": "The number of records in the file.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "validRecordCount": { + "description": "The number of records that have passed validation.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "filesValidUntilTimeUTC": { + "description": "The time the files associated with this import are deleted from the storage account.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "importValidUntilTimeUTC": { + "description": "The time the file import record is soft deleted from the database and history.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "ingestionMode", + "contentType", + "importFile", + "source" + ], + "type": "object" + }, + "ValidationError": { + "description": "Describes an error encountered in the file during validation.", + "properties": { + "recordIndex": { + "description": "The number of the record that has the error.", + "type": "integer", + "format": "int32" + }, + "errorMessages": { + "description": "A list of descriptions of the error.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + } + }, + "parameters": { + "FileImportId": { + "description": "File import ID", + "in": "path", + "name": "fileImportId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "FileImport": { + "description": "The file import", + "in": "body", + "name": "fileImport", + "required": true, + "schema": { + "$ref": "#/definitions/FileImport" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json new file mode 100644 index 000000000000..56c25483a2fe --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json @@ -0,0 +1,994 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts": { + "get": { + "x-ms-examples": { + "Get all hunts.": { + "$ref": "./examples/hunts/GetHunts.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets all hunts, without relations and comments.", + "operationId": "Hunts_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}": { + "get": { + "x-ms-examples": { + "Get a hunt.": { + "$ref": "./examples/hunts/GetHuntById.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets a hunt, without relations and comments.", + "operationId": "Hunts_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt.": { + "$ref": "./examples/hunts/DeleteHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Delete a hunt.", + "operationId": "Hunts_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt.": { + "$ref": "./examples/hunts/CreateHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Create or update a hunt", + "operationId": "Hunts_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/Hunt" + } + ], + "responses": { + "200": { + "description": "Create or update the Hunt", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations": { + "get": { + "x-ms-examples": { + "Get all hunt relations.": { + "$ref": "./examples/hunts/GetHuntRelations.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets all hunt relations", + "operationId": "HuntRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}": { + "get": { + "x-ms-examples": { + "Get a hunt relation.": { + "$ref": "./examples/hunts/GetHuntRelationById.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets a hunt relation", + "operationId": "HuntRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt relation.": { + "$ref": "./examples/hunts/DeleteHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Delete a hunt relation.", + "operationId": "HuntRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt relation.": { + "$ref": "./examples/hunts/CreateHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + }, + { + "$ref": "#/parameters/HuntRelation" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt relation", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments": { + "get": { + "x-ms-examples": { + "Get all hunt comments.": { + "$ref": "./examples/hunts/GetHuntComments.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets all hunt comments", + "operationId": "HuntComments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}": { + "get": { + "x-ms-examples": { + "Get a hunt comment.": { + "$ref": "./examples/hunts/GetHuntCommentById.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets a hunt comment", + "operationId": "HuntComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt comment.": { + "$ref": "./examples/hunts/DeleteHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Delete a hunt comment.", + "operationId": "HuntComments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt comment.": { + "$ref": "./examples/hunts/CreateHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntComments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + }, + { + "$ref": "#/parameters/HuntComment" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt comment", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "HuntList": { + "description": "List all the hunts.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunts.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunts.", + "items": { + "$ref": "#/definitions/Hunt" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Hunt": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntProperties", + "description": "Hunt properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntProperties": { + "description": "Describes hunt properties", + "properties": { + "displayName": { + "description": "The display name of the hunt", + "type": "string" + }, + "description": { + "description": "The description of the hunt", + "type": "string" + }, + "status": { + "description": "The status of the hunt.", + "enum": [ + "New", + "Active", + "Closed", + "Backlog", + "Approved" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "status" + }, + "default": "New" + }, + "hypothesisStatus": { + "description": "The hypothesis status of the hunt.", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "hypothesisStatus" + }, + "default": "Unknown" + }, + "attackTactics": { + "description": "A list of mitre attack tactics the hunt is associated with", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "attackTechniques": { + "description": "A list of a mitre attack techniques the hunt is associated with", + "items": { + "description": "Attack Technique", + "type": "string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels relevant to this hunt ", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "owner": { + "$ref": "#/definitions/HuntOwner" + } + }, + "required": [ + "displayName", + "description" + ], + "type": "object" + }, + "HuntRelationList": { + "description": "List of all the hunt relations", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt relations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt relations", + "items": { + "$ref": "#/definitions/HuntRelation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntRelation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Relation in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntRelationProperties", + "description": "Hunt Relation properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntRelationProperties": { + "description": "Describes hunt relation properties", + "properties": { + "relatedResourceId": { + "description": "The id of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "type": "string", + "readOnly": true + }, + "relationType": { + "description": "The type of the hunt relation", + "type": "string", + "readOnly": true + }, + "relatedResourceKind": { + "description": "The resource that the relation is related to", + "type": "string", + "readOnly": true + }, + "labels": { + "description": "List of labels relevant to this hunt", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "HuntCommentList": { + "description": "List of all hunt comments", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt comments", + "items": { + "$ref": "#/definitions/HuntComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntComment": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Comment in Azure Security Insights", + "properties": { + "properties": { + "$ref": "#/definitions/HuntCommentProperties", + "description": "Hunt Comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntCommentProperties": { + "description": "Describes a hunt comment properties", + "properties": { + "message": { + "description": "The message for the comment", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "HuntOwner": { + "description": "Describes a user that the hunt is assigned to", + "type": "object", + "properties": { + "email": { + "description": "The email of the user the hunt is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the hunt is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the hunt is assigned to.", + "format": "uuid", + "type": "string", + "x-nullable": true + }, + "userPrincipalName": { + "description": "The user principal name of the user the hunt is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the hunt is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The hunt owner type is unknown", + "value": "Unknown" + }, + { + "description": "The hunt owner type is an AAD user", + "value": "User" + }, + { + "description": "The hunt owner type is an AAD group", + "value": "Group" + } + ] + } + } + } + } + }, + "parameters": { + "Hunt": { + "description": "The hunt", + "name": "hunt", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/Hunt" + }, + "x-ms-parameter-location": "method" + }, + "HuntId": { + "description": "The hunt id (GUID)", + "in": "path", + "name": "huntId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntRelation": { + "description": "The hunt relation", + "in": "body", + "name": "huntRelation", + "required": true, + "schema": { + "$ref": "#/definitions/HuntRelation" + }, + "x-ms-parameter-location": "method" + }, + "HuntRelationId": { + "description": "The hunt relation id (GUID)", + "in": "path", + "name": "huntRelationId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntComment": { + "description": "The hunt comment", + "in": "body", + "name": "huntComment", + "required": true, + "schema": { + "$ref": "#/definitions/HuntComment" + }, + "x-ms-parameter-location": "method" + }, + "HuntCommentId": { + "description": "The hunt comment id (GUID)", + "in": "path", + "name": "huntCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json new file mode 100644 index 000000000000..85fdc88aae83 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json @@ -0,0 +1,1658 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Incidents_List": { + "$ref": "./examples/incidents/Incidents_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Get": { + "$ref": "./examples/incidents/Incidents_Get.json" + } + } + }, + "put": { + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateOrUpdate": { + "$ref": "./examples/incidents/Incidents_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Delete": { + "$ref": "./examples/incidents/Incidents_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam": { + "post": { + "tags": [ + "IncidentTeam" + ], + "description": "Creates a Microsoft team to investigate the incident by sharing information and insights between participants.", + "operationId": "Incidents_CreateTeam", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/TeamProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateTeam": { + "$ref": "./examples/incidents/IncidentTeam/Incidents_CreateTeam.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all incident alerts.", + "operationId": "Incidents_ListAlerts", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListAlerts": { + "$ref": "./examples/incidents/IncidentAlerts/Incidents_ListAlerts.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all incident bookmarks.", + "operationId": "Incidents_ListBookmarks", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListBookmarks": { + "$ref": "./examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "tags": [ + "IncidentComments" + ], + "description": "Gets all incident comments.", + "operationId": "IncidentComments_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "IncidentComments_List": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "operationId": "IncidentComments_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Get": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Get.json" + } + } + }, + "put": { + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates the incident comment.", + "operationId": "IncidentComments_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "IncidentComments" + ], + "description": "Delete the incident comment.", + "operationId": "IncidentComments_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Delete": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "tags": [ + "IncidentEntities" + ], + "description": "Gets all incident related entities.", + "operationId": "Incidents_ListEntities", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListEntities": { + "$ref": "./examples/incidents/IncidentEntities/Incidents_ListEntities.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets all incident relations.", + "operationId": "IncidentRelations_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets an incident relation.", + "operationId": "IncidentRelations_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "operationId": "IncidentRelations_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Delete the incident relation.", + "operationId": "IncidentRelations_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": { + "get": { + "tags": [ + "IncidentTasks" + ], + "description": "Gets all incident tasks.", + "operationId": "IncidentTasks_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTaskList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "IncidentTasks_List": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": { + "get": { + "tags": [ + "IncidentTasks" + ], + "description": "Gets an incident task.", + "operationId": "IncidentTasks_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Get": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Get.json" + } + } + }, + "put": { + "tags": [ + "IncidentTasks" + ], + "description": "Creates or updates the incident task.", + "operationId": "IncidentTasks_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + }, + { + "$ref": "#/parameters/IncidentTask" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "IncidentTasks" + ], + "description": "Delete the incident task.", + "operationId": "IncidentTasks_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Delete": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Delete.json" + } + } + } + } + }, + "definitions": { + "Incident": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentProperties", + "x-ms-client-flatten": true + } + } + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "type": "object", + "properties": { + "alertsCount": { + "format": "int32", + "description": "The number of alerts in the incident", + "type": "integer", + "readOnly": true + }, + "bookmarksCount": { + "format": "int32", + "description": "The number of bookmarks in the incident", + "type": "integer", + "readOnly": true + }, + "commentsCount": { + "format": "int32", + "description": "The number of comments in the incident", + "type": "integer", + "readOnly": true + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "type": "array", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true + }, + "tactics": { + "description": "The tactics associated with incident", + "type": "array", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "description": "The techniques associated with incident's tactics", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "providerIncidentUrl": { + "description": "The provider incident url to the incident in Microsoft 365 Defender portal", + "type": "string", + "readOnly": true + } + } + }, + "IncidentAlertList": { + "description": "List of incident alerts.", + "type": "object", + "properties": { + "value": { + "description": "Array of incident alerts.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/SecurityAlert" + } + } + }, + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "description": "List of incident bookmarks.", + "type": "object", + "properties": { + "value": { + "description": "Array of incident bookmarks.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/HuntingBookmark" + } + } + }, + "required": [ + "value" + ] + }, + "IncidentComment": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + } + }, + "IncidentCommentList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentComment" + } + }, + "nextLink": { + "type": "string", + "readOnly": true + } + }, + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "required": [ + "message" + ], + "type": "object", + "properties": { + "message": { + "description": "The comment message", + "type": "string" + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the comment was created", + "type": "string", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The time the comment was updated", + "type": "string", + "readOnly": true + }, + "author": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true + } + } + }, + "IncidentEntitiesResponse": { + "description": "The incident related entities response.", + "type": "object", + "properties": { + "entities": { + "description": "Array of the incident related entities.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + } + }, + "metaData": { + "description": "The metadata from the incident related entities results.", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + } + } + } + }, + "IncidentEntitiesResultsMetadata": { + "description": "Information of a specific aggregation in the incident related entities result.", + "required": [ + "count", + "entityKind" + ], + "type": "object", + "properties": { + "entityKind": { + "description": "The kind of the aggregated entity.", + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerKind" + }, + "count": { + "format": "int32", + "description": "Total number of aggregations of the given kind in the incident related entities result.", + "type": "integer" + } + } + }, + "IncidentList": { + "required": [ + "value" + ], + "description": "List all the incidents.", + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Incident" + } + }, + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "type": "string", + "readOnly": true + } + } + }, + "IncidentProperties": { + "required": [ + "severity", + "status", + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the incident", + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "severity": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" + }, + "status": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" + }, + "classification": { + "description": "The reason the incident was closed", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" + }, + "classificationReason": { + "description": "The classification reason the incident was closed with", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "owner": { + "type": "object", + "description": "Describes a user that the incident is assigned to", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" + }, + "labels": { + "description": "List of labels relevant to this incident", + "type": "array", + "items": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" + } + }, + "firstActivityTimeUtc": { + "format": "date-time", + "description": "The time of the first activity in the incident", + "type": "string" + }, + "lastActivityTimeUtc": { + "format": "date-time", + "description": "The time of the last activity in the incident", + "type": "string" + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the incident was updated", + "type": "string", + "readOnly": true + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the incident was created", + "type": "string", + "readOnly": true + }, + "incidentNumber": { + "format": "int32", + "description": "A sequential number", + "type": "integer", + "readOnly": true + }, + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "type": "array", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "type": "string", + "readOnly": true + }, + "providerName": { + "description": "The name of the source provider that generated the incident", + "type": "string", + "readOnly": true + }, + "providerIncidentId": { + "description": "The incident ID assigned by the incident provider", + "type": "string", + "readOnly": true + }, + "teamInformation": { + "$ref": "#/definitions/TeamInformation", + "description": "Describes a team for the incident", + "type": "object" + } + } + }, + "IncidentTask": { + "required": [ + "properties" + ], + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentTaskProperties", + "x-ms-client-flatten": true + } + } + }, + "IncidentTaskList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentTask" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "IncidentTaskProperties": { + "required": [ + "status", + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the task", + "type": "string" + }, + "description": { + "description": "The description of the task", + "type": "string" + }, + "status": { + "$ref": "#/definitions/IncidentTaskStatus" + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the task was created", + "type": "string", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the task was updated", + "type": "string", + "readOnly": true + }, + "createdBy": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + }, + "lastModifiedBy": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + } + } + }, + "IncidentTaskStatus": { + "enum": [ + "New", + "Completed" + ], + "type": "string", + "example": "New", + "x-ms-enum": { + "name": "IncidentTaskStatus", + "modelAsString": true, + "values": [ + { + "value": "New", + "description": "A new task" + }, + { + "value": "Completed", + "description": "A completed task" + } + ] + } + }, + "TeamInformation": { + "description": "Describes team information", + "type": "object", + "properties": { + "teamId": { + "description": "Team ID", + "type": "string", + "readOnly": true + }, + "primaryChannelUrl": { + "description": "The primary channel URL of the team", + "type": "string", + "readOnly": true + }, + "teamCreationTimeUtc": { + "format": "date-time", + "description": "The time the team was created", + "type": "string", + "readOnly": true + }, + "name": { + "description": "The name of the team", + "type": "string", + "readOnly": true + }, + "description": { + "description": "The description of the team", + "type": "string", + "readOnly": true + } + } + }, + "TeamProperties": { + "description": "Describes team properties", + "required": [ + "teamName" + ], + "type": "object", + "properties": { + "teamName": { + "description": "The name of the team", + "type": "string" + }, + "teamDescription": { + "description": "The description of the team", + "type": "string" + }, + "groupIds": { + "description": "List of group IDs to add their members to the team", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + }, + "memberIds": { + "description": "List of member IDs to add to the team", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + } + } + } + }, + "parameters": { + "Incident": { + "name": "incident", + "description": "The incident", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "IncidentId": { + "in": "path", + "name": "incidentId", + "description": "Incident ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + }, + "IncidentComment": { + "name": "incidentComment", + "description": "The incident comment", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "IncidentCommentId": { + "in": "path", + "name": "incidentCommentId", + "description": "Incident comment ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + }, + "TeamProperties": { + "name": "teamProperties", + "description": "Team properties", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "IncidentTask": { + "name": "incidentTask", + "description": "The incident task", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "IncidentTaskId": { + "in": "path", + "name": "incidentTaskId", + "description": "Incident task ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json new file mode 100644 index 000000000000..104c95c2f64f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json @@ -0,0 +1,774 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "x-ms-examples": { + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + }, + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "operationId": "Metadata_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkip" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "operationId": "Metadata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "operationId": "Metadata_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "operationId": "Metadata_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/Metadata" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "operationId": "Metadata_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/MetadataPatch" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "MetadataList": { + "description": "List of all the metadata.", + "type": "object", + "properties": { + "value": { + "description": "Array of metadata.", + "items": { + "$ref": "#/definitions/MetadataModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of metadata.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + } + } + }, + "metadataPatch": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata patch request body.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + } + }, + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "lastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. this id can later be fetched from the solution template", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataProperties": { + "description": "Metadata property bag.", + "required": [ + "parentId", + "kind" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + }, + "metadataPropertiesPatch": { + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + } + }, + "parameters": { + "Metadata": { + "description": "Metadata resource.", + "in": "body", + "name": "metadata", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + }, + "x-ms-parameter-location": "method" + }, + "MetadataPatch": { + "description": "Partial metadata request.", + "in": "body", + "name": "metadataPatch", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + }, + "x-ms-parameter-location": "method" + }, + "MetadataName": { + "description": "The Metadata name.", + "in": "path", + "name": "metadataName", + "required": true, + "pattern": "^\\S+$", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json new file mode 100644 index 000000000000..d61b94f5a6db --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json @@ -0,0 +1,234 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents": { + "get": { + "x-ms-examples": { + "Get all office consents.": { + "$ref": "./examples/officeConsents/GetOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets all office365 consents.", + "operationId": "OfficeConsents_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}": { + "get": { + "x-ms-examples": { + "Get an office consent.": { + "$ref": "./examples/officeConsents/GetOfficeConsentsById.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets an office365 consent.", + "operationId": "OfficeConsents_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsent" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an office consent.": { + "$ref": "./examples/officeConsents/DeleteOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Delete the office365 consent.", + "operationId": "OfficeConsents_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ConsentId": { + "description": "consent ID", + "in": "path", + "name": "consentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "OfficeConsent": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Consent for Office365 tenant that already made.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeConsentProperties", + "description": "Office consent properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "OfficeConsentList": { + "description": "List of all the office365 consents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of office consents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of the consents.", + "items": { + "$ref": "#/definitions/OfficeConsent" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "OfficeConsentProperties": { + "description": "Consent property bag.", + "properties": { + "tenantId": { + "description": "The tenantId of the Office365 with the consent.", + "type": "string" + }, + "consentId": { + "description": "Help to easily cascade among the data layers.", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json new file mode 100644 index 000000000000..b6e9d528ed9d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json @@ -0,0 +1,284 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in getting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in creating the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error in deleting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "operationId": "SentinelOnboardingStates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "Error in listing the Sentinel onboarding states", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SentinelOnboardingStateProperties": { + "description": "The Sentinel onboarding state properties", + "type": "object", + "properties": { + "customerManagedKey": { + "description": "Flag that indicates the status of the CMK setting", + "type": "boolean" + } + } + }, + "SentinelOnboardingState": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SentinelOnboardingStatesList": { + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + } + }, + "parameters": { + "SentinelOnboardingStateName": { + "description": "The Sentinel onboarding state name. Supports - default", + "in": "path", + "name": "sentinelOnboardingStateName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SentinelOnboardingStateParameter": { + "description": "The Sentinel onboarding state parameter", + "in": "body", + "name": "sentinelOnboardingStateParameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json new file mode 100644 index 000000000000..38df528e8619 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json @@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations": { + "get": { + "x-ms-examples": { + "Get Recommendations list.": { + "$ref": "./examples/recommendations/GetRecommendations.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a list of all recommendations.", + "operationId": "GetRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RecommendationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}": { + "get": { + "x-ms-examples": { + "Get a recommendation.": { + "$ref": "./examples/recommendations/GetRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a recommendation by its id.", + "operationId": "Get_SingleRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RecommendationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Creates a recommendation.": { + "$ref": "./examples/recommendations/PatchRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Patch a recommendation.", + "operationId": "Update_Recommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RecommendationId" + }, + { + "$ref": "#/parameters/RecommendationPatch" + } + ], + "x-ms-long-running-operation": true, + "responses": { + "202": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Recommendation": { + "description": "Recommendation object.", + "properties": { + "id": { + "description": "id of recommendation.", + "type": "string", + "format": "uuid" + }, + "instructions": { + "description": "Instructions of the recommendation.", + "$ref": "#/definitions/Instructions" + }, + "content": { + "description": "Content of the recommendation.", + "$ref": "#/definitions/Content", + "x-nullable": true + }, + "resourceId": { + "description": "Id of the resource this recommendation refers to.", + "type": "string", + "x-nullable": true + }, + "additionalProperties": { + "description": "Collection of additional properties for the recommendation.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "x-nullable": true + }, + "title": { + "description": "Title of the recommendation.", + "type": "string" + }, + "description": { + "description": "Description of the recommendation.", + "type": "string" + }, + "recommendationTypeTitle": { + "description": "Title of the recommendation type.", + "type": "string" + }, + "recommendationTypeId": { + "description": "Id of the recommendation type.", + "type": "string" + }, + "category": { + "description": "Category of the recommendation.", + "$ref": "#/definitions/RecommendationCategory" + }, + "context": { + "description": "Context of the recommendation.", + "$ref": "#/definitions/RecommendationContext" + }, + "workspaceId": { + "description": "Id of the workspace this recommendation refers to.", + "type": "string", + "format": "uuid" + }, + "actions": { + "description": "List of actions to take for this recommendation.", + "type": "array", + "items": { + "$ref": "#/definitions/RecommendedAction" + }, + "x-ms-identifiers": [] + }, + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "priority": { + "description": "Priority of the recommendation.", + "$ref": "#/definitions/RecommendationPriority" + }, + "lastEvaluatedTimeUtc": { + "description": "The time stamp (UTC) when the recommendation was last evaluated.", + "type": "string", + "format": "date-time" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "displayUntilTimeUtc": { + "description": "The timestamp (UTC) after which the recommendation should not be displayed anymore.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "visible": { + "description": "Value indicating if the recommendation should be displayed or not.", + "type": "boolean" + } + }, + "required": [ + "id", + "instructions", + "title", + "description", + "recommendationTypeTitle", + "recommendationTypeId", + "category", + "context", + "workspaceId", + "actions", + "state", + "priority", + "lastEvaluatedTimeUtc" + ], + "type": "object" + }, + "RecommendationList": { + "description": "A list of recommendations", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Recommendation" + }, + "description": "An list of recommendations" + } + }, + "type": "object" + }, + "Content": { + "description": "Content section of the recommendation.", + "properties": { + "title": { + "description": "Title of the content.", + "type": "string" + }, + "description": { + "description": "Description of the content.", + "type": "string" + } + }, + "required": [ + "title", + "description" + ], + "type": "object" + }, + "Instructions": { + "description": "Instructions section of a recommendation.", + "properties": { + "actionsToBePerformed": { + "description": "What actions should be taken to complete the recommendation.", + "type": "string" + }, + "recommendationImportance": { + "description": "Explains why the recommendation is important.", + "type": "string" + }, + "howToPerformActionDetails": { + "description": "How should the user complete the recommendation.", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "actionsToBePerformed", + "recommendationImportance" + ], + "type": "object" + }, + "RecommendedAction": { + "description": "What actions should be taken to complete the recommendation.", + "properties": { + "linkText": { + "description": "Text of the link to complete the action.", + "type": "string" + }, + "linkUrl": { + "description": "The Link to complete the action.", + "type": "string" + }, + "state": { + "description": "The state of the action.", + "$ref": "#/definitions/ActionState" + } + }, + "required": [ + "linkText", + "linkUrl" + ], + "type": "object" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to update.", + "properties": { + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time" + } + }, + "type": "object" + }, + "RecommendationCategory": { + "description": "Categories of recommendations.", + "type": "string", + "enum": [ + "Onboarding", + "NewFeature", + "SocEfficiency", + "CostOptimization", + "Demo" + ], + "x-ms-enum": { + "name": "Category", + "modelAsString": true, + "values": [ + { + "value": "Onboarding", + "description": "Onboarding recommendation." + }, + { + "value": "NewFeature", + "description": "New feature recommendation." + }, + { + "value": "SocEfficiency", + "description": "Soc Efficiency recommendation." + }, + { + "value": "CostOptimization", + "description": "Cost optimization recommendation." + }, + { + "value": "Demo", + "description": "Demo recommendation." + } + ] + } + }, + "RecommendationContext": { + "description": "Context of recommendation.", + "type": "string", + "enum": [ + "Analytics", + "Incidents", + "Overview", + "None" + ], + "x-ms-enum": { + "name": "Context", + "modelAsString": true, + "values": [ + { + "value": "Analytics", + "description": "Analytics context." + }, + { + "value": "Incidents", + "description": "Incidents context." + }, + { + "value": "Overview", + "description": "Overview context." + }, + { + "value": "None", + "description": "No context." + } + ] + } + }, + "RecommendationState": { + "description": "State of recommendation.", + "type": "string", + "enum": [ + "Active", + "Disabled", + "CompletedByUser", + "CompletedByAction", + "Hidden" + ], + "x-ms-enum": { + "name": "State", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Recommendation is active." + }, + { + "value": "Disabled", + "description": "Recommendation is disabled." + }, + { + "value": "CompletedByUser", + "description": "Recommendation has been completed by user." + }, + { + "value": "CompletedByAction", + "description": "Recommendation has been completed by action." + }, + { + "value": "Hidden", + "description": "Recommendation is hidden." + } + ] + } + }, + "RecommendationPriority": { + "description": "Priority of recommendation.", + "type": "string", + "enum": [ + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Low", + "description": "Low priority for recommendation." + }, + { + "value": "Medium", + "description": "Medium priority for recommendation." + }, + { + "value": "High", + "description": "High priority for recommendation." + } + ] + } + }, + "ActionState": { + "description": "Represents the state the recommendation action is currently in.", + "type": "string", + "enum": [ + "Active", + "InProgress", + "Done" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Default state of actions." + }, + { + "value": "InProgress", + "description": "State for when actions have been clicked on." + }, + { + "value": "Done", + "description": "State of completed actions." + } + ] + } + } + }, + "parameters": { + "RecommendationId": { + "description": "Recommendation Id.", + "in": "path", + "name": "recommendationId", + "required": true, + "type": "string", + "format": "uuid", + "x-ms-parameter-location": "method" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to Update.", + "in": "body", + "name": "recommendationPatch", + "required": true, + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecommendationPatch" + }, + "x-ms-identifiers": [] + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..e7649b5e7202 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json @@ -0,0 +1,444 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { + "get": { + "x-ms-examples": { + "Get all Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets all Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { + "get": { + "x-ms-examples": { + "Get a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Creates or updates the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + }, + { + "$ref": "#/parameters/SecurityMLAnalyticsSetting" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Delete the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "SecurityMLAnalyticsSetting": { + "description": "The security ML Analytics setting", + "in": "body", + "name": "securityMLAnalyticsSetting", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "x-ms-parameter-location": "method" + }, + "SettingsResourceName": { + "description": "Security ML Analytics Settings resource name", + "in": "path", + "name": "settingsResourceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "SecurityMLAnalyticsSetting": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Security ML Analytics Setting", + "properties": { + "kind": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsKindEnum", + "description": "The kind of security ML Analytics Settings" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "SecurityMLAnalyticsSettingsKindEnum": { + "description": "The kind of security ML analytics settings", + "enum": [ + "Anomaly" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SecurityMLAnalyticsSettingsKind", + "values": [ + { + "value": "Anomaly" + } + ] + } + }, + "SecurityMLAnalyticsSettingsList": { + "description": "List all the SecurityMLAnalyticsSettings", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of SecurityMLAnalyticsSettings.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AnomalySecurityMLAnalyticsSettings": { + "allOf": [ + { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + ], + "description": "Represents Anomaly Security ML Analytics Settings", + "properties": { + "properties": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", + "description": "Anomaly Security ML Analytics Settings properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomaly" + }, + "AnomalySecurityMLAnalyticsSettingsProperties": { + "description": "AnomalySecurityMLAnalytics settings base property bag.", + "properties": { + "description": { + "description": "The description of the SecurityMLAnalyticsSettings.", + "type": "string" + }, + "displayName": { + "description": "The display name for settings created by this SecurityMLAnalyticsSettings.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this settings is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "tactics": { + "description": "The tactics of the SecurityMLAnalyticsSettings", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the SecurityMLAnalyticsSettings", + "items": { + "type": "string" + }, + "type": "array" + }, + "anomalyVersion": { + "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings.", + "type": "string" + }, + "customizableObservations": { + "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings.", + "type": "object" + }, + "frequency": { + "description": "The frequency that this SecurityMLAnalyticsSettings will be run.", + "format": "duration", + "type": "string" + }, + "settingsStatus": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsStatus", + "description": "The anomaly SecurityMLAnalyticsSettings status" + }, + "isDefaultSettings": { + "description": "Determines whether this anomaly security ml analytics settings is a default settings", + "type": "boolean" + }, + "anomalySettingsVersion": { + "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.", + "type": "integer", + "format": "int32" + }, + "settingsDefinitionId": { + "description": "The anomaly settings definition Id", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "anomalyVersion", + "frequency", + "settingsStatus", + "isDefaultSettings" + ], + "type": "object" + }, + "SecurityMLAnalyticsSettingsDataSource": { + "description": "security ml analytics settings data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the security ml analytics settings", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AnomalySecurityMLAnalyticsSettingsStatus": { + "description": "The anomaly SecurityMLAnalyticsSettings status", + "enum": [ + "Production", + "Flighting" + ], + "type": "string", + "x-ms-enum": { + "name": "SettingsStatus", + "modelAsString": true, + "values": [ + { + "description": "Anomaly settings status in Production mode", + "value": "Production" + }, + { + "description": "Anomaly settings status in Flighting mode", + "value": "Flighting" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json new file mode 100644 index 000000000000..306672b77c78 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json @@ -0,0 +1,423 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "x-ms-examples": { + "Get all settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "operationId": "ProductSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "operationId": "ProductSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "operationId": "ProductSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "operationId": "ProductSettings_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + }, + { + "$ref": "#/parameters/Settings" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SettingList": { + "description": "List of all the settings.", + "properties": { + "value": { + "description": "Array of settings.", + "items": { + "$ref": "#/definitions/Settings" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Settings": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The Setting.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingKind" + } + } + }, + "required": [ + "kind" + ], + "discriminator": "kind", + "type": "object" + }, + "Anomalies": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesSettingsProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesSettingsProperties": { + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EyesOn": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EntityAnalytics": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "description": "EntityAnalytics property bag.", + "properties": { + "entityProviders": { + "description": "The relevant entity providers that are synced", + "items": { + "$ref": "#/definitions/EntityProviders" + }, + "type": "array" + } + }, + "type": "object" + }, + "EntityProviders": { + "description": "The entity provider that is synced.", + "enum": [ + "ActiveDirectory", + "AzureActiveDirectory" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityProviders" + } + }, + "Ueba": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaProperties", + "description": "Ueba properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ueba" + }, + "UebaProperties": { + "description": "Ueba property bag.", + "properties": { + "dataSources": { + "description": "The relevant data sources that enriched by ueba", + "items": { + "$ref": "#/definitions/UebaDataSources" + }, + "type": "array" + } + }, + "type": "object" + }, + "UebaDataSources": { + "description": "The data source that enriched by ueba.", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "UebaDataSources" + } + } + }, + "parameters": { + "Settings": { + "description": "The setting", + "in": "body", + "name": "settings", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + }, + "x-ms-parameter-location": "method" + }, + "SettingsName": { + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "in": "path", + "name": "settingsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json new file mode 100644 index 000000000000..0e9b63882cb1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json @@ -0,0 +1,971 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "operationId": "SourceControl_listRepositories", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RepoTypeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "operationId": "SourceControls_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "operationId": "SourceControls_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "operationId": "SourceControls_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/SourceControl" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { + "post": { + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "operationId": "SourceControls_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/RepositoryAccess" + } + ], + "responses": { + "200": { + "description": "Source control deleted.", + "schema": { + "$ref": "#/definitions/Warning" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "RepoList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of repositories.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of repositories.", + "items": { + "$ref": "#/definitions/Repo" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Repo": { + "description": "Represents a repository.", + "properties": { + "url": { + "description": "The url to access the repository.", + "type": "string" + }, + "fullName": { + "description": "The name of the repository.", + "type": "string" + }, + "branches": { + "description": "Array of branches.", + "items": { + "description": "name of branch.", + "type": "string" + }, + "type": "array" + } + }, + "x-ms-azure-resource": false, + "type": "object" + }, + "SourceControlList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of source controls.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of source controls.", + "items": { + "$ref": "#/definitions/SourceControl" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "SourceControl": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "description": "source control properties", + "$ref": "#/definitions/SourceControlProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SourceControlProperties": { + "description": "Describes source control properties", + "properties": { + "id": { + "description": "The id (a Guid) of the source control", + "type": "string", + "readOnly": true + }, + "version": { + "$ref": "#/definitions/Version", + "description": "The version number associated with the source control", + "type": "string" + }, + "displayName": { + "description": "The display name of the source control", + "type": "string" + }, + "description": { + "description": "A description of the source control", + "type": "string" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control", + "type": "string" + }, + "contentTypes": { + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + }, + "type": "array" + }, + "repository": { + "description": "Repository metadata.", + "$ref": "#/definitions/Repository" + }, + "servicePrincipal": { + "description": "Service principal metadata.", + "$ref": "#/definitions/ServicePrincipal" + }, + "repositoryAccess": { + "description": "Repository access credentials. This is write-only object and it never returns back to a user.", + "x-ms-mutability": [ + "create", + "update" + ], + "$ref": "#/definitions/RepositoryAccess" + }, + "repositoryResourceInfo": { + "description": "Information regarding the resources created in user's repository.", + "$ref": "#/definitions/RepositoryResourceInfo" + }, + "lastDeploymentInfo": { + "description": "Information regarding the latest deployment for the source control.", + "$ref": "#/definitions/DeploymentInfo" + }, + "pullRequest": { + "description": "Information regarding the pull request of the source control.", + "$ref": "#/definitions/PullRequest" + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ], + "type": "object" + }, + "RepositoryAccess": { + "type": "object", + "description": "Credentials to access repository.", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "The kind of repository access credentials", + "$ref": "#/definitions/RepositoryAccessKind" + }, + "code": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth Code. Required when `kind` is `OAuth`" + }, + "state": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth State. Required when `kind` is `OAuth`" + }, + "clientId": { + "type": "string", + "description": "OAuth ClientId. Required when `kind` is `OAuth`" + }, + "token": { + "x-ms-secret": true, + "type": "string", + "description": "Personal Access Token. Required when `kind` is `PAT`" + }, + "installationId": { + "type": "string", + "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." + } + } + }, + "Repository": { + "type": "object", + "required": [ + "url", + "branch" + ], + "description": "metadata of a repository.", + "properties": { + "url": { + "description": "Url of repository.", + "type": "string" + }, + "branch": { + "description": "Branch name of repository.", + "type": "string" + }, + "displayUrl": { + "description": "Display url of repository.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string", + "readOnly": true + } + } + }, + "ServicePrincipal": { + "readOnly": true, + "type": "object", + "description": "Service principal metadata.", + "properties": { + "id": { + "description": "Id of service principal.", + "type": "string", + "readOnly": true + }, + "tenantId": { + "description": "Tenant id of service principal.", + "type": "string", + "readOnly": true + }, + "appId": { + "description": "App id of service principal.", + "type": "string", + "readOnly": true + } + } + }, + "RepositoryResourceInfo": { + "type": "object", + "description": "Resources created in user's repository for the source-control.", + "properties": { + "webhook": { + "type": "object", + "description": "The webhook object created for the source-control.", + "$ref": "#/definitions/Webhook" + }, + "gitHubResourceInfo": { + "type": "object", + "description": "Resources created in GitHub for this source-control.", + "$ref": "#/definitions/GitHubResourceInfo" + }, + "azureDevOpsResourceInfo": { + "type": "object", + "description": "Resources created in Azure DevOps for this source-control.", + "$ref": "#/definitions/AzureDevOpsResourceInfo" + } + } + }, + "Webhook": { + "description": "Detail about the webhook object.", + "type": "object", + "properties": { + "webhookId": { + "description": "Unique identifier for the webhook.", + "type": "string", + "readOnly": true + }, + "webhookUrl": { + "description": "URL that gets invoked by the webhook.", + "type": "string", + "readOnly": true + }, + "webhookSecretUpdateTime": { + "format": "date-time", + "description": "Time when the webhook secret was updated.", + "type": "string", + "readOnly": true + }, + "rotateWebhookSecret": { + "description": "A flag to instruct the backend service to rotate webhook secret.", + "type": "boolean" + } + } + }, + "GitHubResourceInfo": { + "readOnly": true, + "description": "Resources created in GitHub repository.", + "type": "object", + "properties": { + "appInstallationId": { + "description": "GitHub application installation id.", + "type": "string" + } + } + }, + "AzureDevOpsResourceInfo": { + "readOnly": true, + "description": "Resources created in Azure DevOps repository.", + "type": "object", + "properties": { + "pipelineId": { + "description": "Id of the pipeline created for the source-control.", + "type": "string" + }, + "serviceConnectionId": { + "description": "Id of the service-connection created for the source-control.", + "type": "string" + } + } + }, + "DeploymentInfo": { + "readOnly": true, + "description": "Information regarding a deployment.", + "type": "object", + "properties": { + "deploymentFetchStatus": { + "$ref": "#/definitions/DeploymentFetchStatus", + "description": "Status while fetching the last deployment.", + "type": "string" + }, + "deployment": { + "$ref": "#/definitions/Deployment", + "description": "Deployment information.", + "type": "object" + }, + "message": { + "description": "Additional details about the deployment that can be shown to the user.", + "type": "string" + } + } + }, + "Deployment": { + "description": "Description about a deployment.", + "type": "object", + "properties": { + "deploymentId": { + "description": "Deployment identifier.", + "type": "string" + }, + "deploymentState": { + "$ref": "#/definitions/DeploymentState", + "description": "Current status of the deployment.", + "type": "string" + }, + "deploymentResult": { + "$ref": "#/definitions/DeploymentResult", + "description": "The outcome of the deployment.", + "type": "string" + }, + "deploymentTime": { + "format": "date-time", + "description": "The time when the deployment finished.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string" + } + } + }, + "ContentType": { + "description": "The content type of a source control path.", + "enum": [ + "AnalyticRule", + "AutomationRule", + "HuntingQuery", + "Parser", + "Playbook", + "Workbook" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ContentType", + "values": [ + { + "value": "AnalyticRule" + }, + { + "value": "AutomationRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "Parser" + }, + { + "value": "Playbook" + }, + { + "value": "Workbook" + } + ] + } + }, + "RepoType": { + "description": "The type of repository.", + "enum": [ + "Github", + "AzureDevOps" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepoType", + "values": [ + { + "value": "Github" + }, + { + "value": "AzureDevOps" + } + ] + } + }, + "RepositoryAccessKind": { + "description": "The kind of repository access credentials", + "enum": [ + "OAuth", + "PAT", + "App" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepositoryAccessKind", + "values": [ + { + "value": "OAuth" + }, + { + "value": "PAT" + }, + { + "value": "App" + } + ] + } + }, + "Version": { + "readOnly": true, + "description": "The version of the source control.", + "enum": [ + "V1", + "V2" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "Version", + "values": [ + { + "value": "V1" + }, + { + "value": "V2" + } + ] + } + }, + "DeploymentFetchStatus": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Unauthorized", + "NotFound" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentFetchStatus", + "values": [ + { + "value": "Success" + }, + { + "value": "Unauthorized" + }, + { + "value": "NotFound" + } + ] + } + }, + "DeploymentState": { + "description": "The current state of the deployment.", + "enum": [ + "In_Progress", + "Completed", + "Queued", + "Canceling" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentState", + "values": [ + { + "value": "In_Progress" + }, + { + "value": "Completed" + }, + { + "value": "Queued" + }, + { + "value": "Canceling" + } + ] + } + }, + "DeploymentResult": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Canceled", + "Failed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentResult", + "values": [ + { + "value": "Success" + }, + { + "value": "Canceled" + }, + { + "value": "Failed" + } + ] + } + }, + "PullRequest": { + "readOnly": true, + "description": "Information regarding pull request for protected branches.", + "type": "object", + "properties": { + "url": { + "description": "URL of pull request", + "type": "string", + "readOnly": true + }, + "state": { + "$ref": "#/definitions/PullRequestState", + "description": "State of the pull request", + "type": "object", + "readOnly": true + } + } + }, + "PullRequestState": { + "description": "Status of the pull request.", + "enum": [ + "Open", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "state", + "values": [ + { + "value": "Open" + }, + { + "value": "Closed" + } + ] + } + }, + "Warning": { + "description": "Warning response structure.", + "x-ms-external": true, + "properties": { + "warning": { + "$ref": "#/definitions/WarningBody", + "description": "Warning data." + } + }, + "type": "object" + }, + "WarningBody": { + "readOnly": true, + "x-ms-external": true, + "description": "Warning details.", + "properties": { + "code": { + "description": "An identifier for the warning. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "object", + "$ref": "#/definitions/WarningCode" + }, + "message": { + "description": "A message describing the warning, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + }, + "details": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/WarningBody" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "WarningCode": { + "readOnly": true, + "description": "The type of repository.", + "enum": [ + "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", + "SourceControl_DeletedWithWarnings" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "WarningCode", + "values": [ + { + "value": "SourceControlWarning_DeleteServicePrincipal" + }, + { + "value": "SourceControlWarning_DeletePipelineFromAzureDevOps" + }, + { + "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + }, + { + "value": "SourceControlWarning_DeleteRoleAssignment" + }, + { + "value": "SourceControl_DeletedWithWarnings" + } + ] + } + } + }, + "parameters": { + "RepoTypeParameter": { + "description": "The repo type.", + "in": "body", + "name": "repoType", + "required": true, + "schema": { + "$ref": "#/definitions/RepoType" + }, + "x-ms-parameter-location": "method" + }, + "SourceControlIdParameter": { + "description": "Source control Id", + "in": "path", + "name": "sourceControlId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SourceControl": { + "description": "The SourceControl", + "in": "body", + "name": "sourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + }, + "x-ms-parameter-location": "method" + }, + "RepositoryAccess": { + "description": "The repository access credentials.", + "in": "body", + "name": "repositoryAccess", + "required": true, + "schema": { + "required": [ + "repositoryAccess" + ], + "properties": { + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess" + } + } + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json new file mode 100644 index 000000000000..f1235eabb35b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json @@ -0,0 +1,1097 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to create indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "operationId": "ThreatIntelligenceIndicators_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "operationId": "ThreatIntelligenceIndicator_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to view an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to update an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed to delete an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get metrics.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceAppendTags" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed to append tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to replace tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", + "in": "body", + "name": "ThreatIntelligenceProperties", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", + "in": "body", + "name": "ThreatIntelligenceReplaceTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "in": "body", + "name": "ThreatIntelligenceFilteringCriteria", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceIndicatorEntityKind": { + "description": "The threat intelligence entity kind", + "in": "query", + "name": "ctiEntityKind", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceAppendTags": { + "description": "The threat intelligence append tags request body", + "in": "body", + "name": "ThreatIntelligenceAppendTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of information objects.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of threat intelligence information objects.", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ThreatIntelligenceInformation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Threat intelligence information object.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "The kind of the entity." + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ThreatIntelligenceIndicatorModel": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceResourceInnerKind": { + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceResourceInnerKind", + "values": [ + { + "description": "Entity represents threat intelligence indicator in the system.", + "value": "indicator" + } + ] + } + }, + "ThreatIntelligenceIndicatorProperties": { + "allOf": [ + { + "$ref": "./common/EntityTypes.json#/definitions/EntityCommonProperties" + } + ], + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags", + "items": { + "description": "tag", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "lastUpdatedTimeUtc": { + "description": "Last updated time in UTC", + "type": "string" + }, + "source": { + "description": "Source of a threat intelligence entity", + "type": "string" + }, + "displayName": { + "description": "Display name of a threat intelligence entity", + "type": "string" + }, + "description": { + "description": "Description of a threat intelligence entity", + "type": "string" + }, + "indicatorTypes": { + "description": "Indicator types of threat intelligence entities", + "items": { + "description": "Indicator type of a threat intelligence entity", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "pattern": { + "description": "Pattern of a threat intelligence entity", + "type": "string" + }, + "patternType": { + "description": "Pattern type of a threat intelligence entity", + "type": "string" + }, + "patternVersion": { + "description": "Pattern version of a threat intelligence entity", + "type": "string" + }, + "killChainPhases": { + "description": "Kill chain phases", + "items": { + "description": "Kill chain phase", + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "parsedPattern": { + "description": "Parsed patterns", + "items": { + "description": "Parsed pattern", + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "externalId": { + "description": "External ID of threat intelligence entity", + "type": "string" + }, + "createdByRef": { + "description": "Created by reference of threat intelligence entity", + "type": "string" + }, + "defanged": { + "description": "Is threat intelligence entity defanged", + "type": "boolean" + }, + "externalLastUpdatedTimeUtc": { + "description": "External last updated time in UTC", + "type": "string" + }, + "externalReferences": { + "description": "External References", + "items": { + "description": "external_reference", + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "granularMarkings": { + "description": "Granular Markings", + "items": { + "description": "Granular marking", + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "labels": { + "description": "Labels of threat intelligence entity", + "items": { + "description": "label", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "revoked": { + "description": "Is threat intelligence entity revoked", + "type": "boolean" + }, + "confidence": { + "description": "Confidence of threat intelligence entity", + "type": "integer", + "format": "int32" + }, + "objectMarkingRefs": { + "description": "Threat intelligence entity object marking references", + "items": { + "description": "Threat intelligence entity object marking reference", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "language": { + "description": "Language of threat intelligence entity", + "type": "string" + }, + "threatTypes": { + "description": "Threat types", + "items": { + "description": "Threat type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "validFrom": { + "description": "Valid from", + "type": "string" + }, + "validUntil": { + "description": "Valid until", + "type": "string" + }, + "created": { + "description": "Created by", + "type": "string" + }, + "modified": { + "description": "Modified by", + "type": "string" + }, + "extensions": { + "description": "Extensions map", + "type": "object", + "additionalProperties": {} + } + }, + "type": "object" + }, + "ThreatIntelligenceKillChainPhase": { + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "description": "Kill chainName name", + "type": "string" + }, + "phaseName": { + "description": "Phase name", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPattern": { + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "description": "Pattern type key", + "type": "string" + }, + "patternTypeValues": { + "description": "Pattern type keys", + "items": { + "description": "Pattern type key", + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "description": "Type of the value", + "type": "string" + }, + "value": { + "description": "Value of parsed pattern", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceGranularMarkingModel": { + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "description": "Language granular marking model", + "type": "string" + }, + "markingRef": { + "description": "marking reference granular marking model", + "type": "integer", + "format": "int32" + }, + "selectors": { + "description": "granular marking model selectors", + "items": { + "description": "granular marking model selector", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceExternalReference": { + "description": "Describes external reference", + "properties": { + "description": { + "description": "External reference description", + "type": "string" + }, + "externalId": { + "description": "External reference ID", + "type": "string" + }, + "sourceName": { + "description": "External reference source name", + "type": "string" + }, + "url": { + "description": "External reference URL", + "type": "string" + }, + "hashes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "External reference hashes" + } + }, + "type": "object" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "description": "Page size", + "type": "integer", + "format": "int32" + }, + "minConfidence": { + "description": "Minimum confidence.", + "type": "integer", + "format": "int32" + }, + "maxConfidence": { + "description": "Maximum confidence.", + "type": "integer", + "format": "int32" + }, + "minValidUntil": { + "description": "Start time for ValidUntil filter.", + "type": "string" + }, + "maxValidUntil": { + "description": "End time for ValidUntil filter.", + "type": "string" + }, + "includeDisabled": { + "description": "Parameter to include/exclude disabled indicators.", + "type": "boolean" + }, + "sortBy": { + "description": "Columns to sort by and sorting order", + "items": { + "description": "Sort By", + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "sources": { + "description": "Sources of threat intelligence indicators", + "items": { + "description": "Source", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "patternTypes": { + "description": "Pattern types", + "items": { + "description": "Pattern type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "threatTypes": { + "description": "Threat types of threat intelligence indicators", + "items": { + "description": "Threat type of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "ids": { + "description": "Ids of threat intelligence indicators", + "items": { + "description": "Id of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "keywords": { + "description": "Keywords for searching threat intelligence indicators", + "items": { + "description": "keyword for searching threat intelligence indicators", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "skipToken": { + "description": "Skip token.", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingCriteria": { + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "description": "Column name", + "type": "string" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceSortingOrder", + "values": [ + { + "value": "unsorted" + }, + { + "value": "ascending" + }, + { + "value": "descending" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags to be appended.", + "items": { + "description": "parameter", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "description": "Threat intelligence metrics.", + "$ref": "#/definitions/ThreatIntelligenceMetric" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetric": { + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "description": "Last updated indicator metric", + "type": "string" + }, + "threatTypeMetrics": { + "description": "Threat type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "patternTypeMetrics": { + "description": "Pattern type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "sourceMetrics": { + "description": "Source metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricEntity": { + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "description": "Metric name", + "type": "string" + }, + "metricValue": { + "description": "Metric value", + "type": "integer", + "format": "int32" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json new file mode 100644 index 000000000000..17062f0f2d2c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json @@ -0,0 +1,353 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { + "get": { + "tags": [ + "triggered analytics rule run" + ], + "description": "Gets the triggered analytics rule run.", + "operationId": "triggeredAnalyticsRuleRun_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "description": "the triggered rule id", + "in": "path", + "name": "ruleRunId", + "required": true, + "type": "string" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRun_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns": { + "get": { + "tags": [ + "triggered analytics rule runs" + ], + "description": "Gets the triggered analytics rule runs.", + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRuns" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRuns_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun": { + "post": { + "tags": [ + "trigger analytics rule run" + ], + "description": "triggers analytics rule run", + "operationId": "alertRule_TriggerRuleRun", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AnalyticsRuleRunTriggerParameter" + } + ], + "responses": { + "202": { + "description": "The analytics rule run was successfully triggered.", + "headers": { + "Location": { + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggerRuleRun_Post": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json" + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "ProvisioningState": { + "enum": [ + "Accepted", + "InProgress", + "Succeeded", + "Failed", + "Canceled" + ], + "description": "The triggered analytics rule run provisioning state", + "type": "string", + "example": "Accepted", + "x-ms-enum": { + "name": "ProvisioningState", + "modelAsString": true, + "values": [ + { + "value": "Accepted" + }, + { + "value": "InProgress" + }, + { + "value": "Succeeded" + }, + { + "value": "Failed" + }, + { + "value": "Canceled" + } + ] + } + }, + "TriggeredAnalyticsRuleRun": { + "required": [ + "properties" + ], + "description": "The triggered analytics rule run", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRunProperties", + "x-ms-client-flatten": true + } + } + }, + "TriggeredAnalyticsRuleRunProperties": { + "required": [ + "executionTimeUtc", + "provisioningState", + "ruleId", + "triggeredAnalyticsRuleRunId" + ], + "description": "The triggered analytics rule run Properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "triggeredAnalyticsRuleRunId": { + "type": "string" + }, + "provisioningState": { + "$ref": "#/definitions/ProvisioningState" + }, + "ruleRunAdditionalData": { + "type": "object", + "additionalProperties": {} + } + } + }, + "TriggeredAnalyticsRuleRuns": { + "required": [ + "value" + ], + "description": "The triggered analytics rule run array", + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "nextLink": { + "type": "string", + "readOnly": true + } + } + }, + "AnalyticsRuleRunTriggerProperties": { + "required": [ + "executionTimeUtc" + ], + "description": "The Analytics Rule Run Trigger properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + } + } + }, + "AnalyticsRuleRunTrigger": { + "required": [ + "properties" + ], + "description": "Analytics Rule Run Trigger request", + "properties": { + "properties": { + "$ref": "#/definitions/AnalyticsRuleRunTriggerProperties", + "description": "The analytics Rule Run Trigger request", + "x-ms-client-flatten": true + } + }, + "type": "object" + } + }, + "parameters": { + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AnalyticsRuleRunTriggerParameter": { + "description": "The Analytics Rule Run Trigger parameter", + "in": "body", + "name": "analyticsRuleRunTriggerParameter", + "required": true, + "schema": { + "$ref": "#/definitions/AnalyticsRuleRunTrigger" + }, + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "tags": [ + { + "name": "AnalyticsOnDemandArm", + "description": "Controller that handles requests for triggeredAnalyticsRuleRuns ARM API." + }, + { + "name": "AnalyticsOnDemandArm", + "description": "Triggered Analytics Rule Runs" + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json new file mode 100644 index 000000000000..38dd5f14db96 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json @@ -0,0 +1,721 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the delete operation.", + "type": "string" + } + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + }, + "Creates or updates a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header.", + "operationId": "Watchlists_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created. The response includes the Provisioning State and the Azure-AsyncOperation header. To get the progress of the operation, call GET operation on the URL in Azure-AsyncOperation header field.", + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the operation.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "WatchlistList": { + "description": "List all the watchlists.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The filename of the watchlist, called 'source'", + "type": "string" + }, + "sourceType": { + "description": "The sourceType of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "sourceType" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv/tsv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", + "type": "string" + }, + "itemsSearchKey": { + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. Example : text/csv or text/tsv ", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", + "type": "string" + } + }, + "required": [ + "displayName", + "provider", + "itemsSearchKey" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist item.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object", + "additionalProperties": {} + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object", + "additionalProperties": {} + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + } + }, + "parameters": { + "WatchlistAlias": { + "description": "Watchlist Alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json new file mode 100644 index 000000000000..fde484db8625 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json @@ -0,0 +1,737 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments": { + "get": { + "x-ms-examples": { + "Get all workspace manager assignments for the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all workspace manager assignments for the Sentinel workspace manager.", + "operationId": "WorkspaceManagerAssignments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Creates or updates a workspace manager assignment.", + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignment" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs": { + "get": { + "x-ms-examples": { + "Get all jobs for the specified Sentinel workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllJobs.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all jobs for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/JobList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + }, + "post": { + "x-ms-examples": { + "Creates a job for the specified workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/CreateJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Create a job for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager job": { + "$ref": "./examples/workspaceManagerAssignments/GetJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a job", + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager job.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes the specified job from the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerAssignment": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager assignment", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerAssignmentProperties", + "description": "The workspace manager assignment object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentProperties": { + "description": "The workspace manager assignment properties", + "properties": { + "targetResourceName": { + "description": "The resource name of the workspace manager group targeted by the workspace manager assignment", + "type": "string" + }, + "lastJobEndTime": { + "description": "The time the last job associated to this assignment ended at", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "lastJobProvisioningState": { + "description": "State of the last job associated to this assignment", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + "items": { + "description": "List of resources included in this workspace manager assignment", + "items": { + "$ref": "#/definitions/assignmentItem" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "targetResourceName", + "items" + ], + "type": "object" + }, + "assignmentItem": { + "description": "An entity describing a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentList": { + "description": "List of all the workspace manager assignments.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager assignments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager assignments.", + "items": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Job": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The assignment job", + "properties": { + "properties": { + "$ref": "#/definitions/JobProperties", + "description": "The job object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "JobProperties": { + "description": "The job properties", + "properties": { + "endTime": { + "description": "The time the job completed", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "items": { + "description": "List of items published by the job", + "items": { + "$ref": "#/definitions/jobItem" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "provisioningState": { + "description": "State of the job", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + "startTime": { + "description": "The time the job started", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "errorMessage": { + "description": "Message to describe error, if an error exists", + "type": "string", + "readOnly": true + } + }, + "type": "object" + }, + "jobItem": { + "description": "An entity describing the publish status of a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + }, + "status": { + "description": "Status of the item publication", + "enum": [ + "Succeeded", + "Failed", + "InProgress" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "status", + "values": [ + { + "description": "The item publication succeeded", + "value": "Succeeded" + }, + { + "description": "The item publication failed", + "value": "Failed" + }, + { + "description": "The item publication is in progress", + "value": "InProgress" + } + ] + } + }, + "executionTime": { + "description": "The time the item publishing was completed", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errors": { + "description": "The list of error descriptions if the item publication fails.", + "items": { + "$ref": "#/definitions/error" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "error": { + "description": "The error description for why a publication failed", + "type": "object", + "properties": { + "memberResourceName": { + "description": "The member resource name for which the publication error occured", + "type": "string" + }, + "errorMessage": { + "description": "The error message", + "type": "string" + } + }, + "required": [ + "memberResourceName", + "errorMessage" + ] + }, + "JobList": { + "description": "List of all the jobs", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of jobs.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of jobs.", + "items": { + "$ref": "#/definitions/Job" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerAssignmentName": { + "description": "The name of the workspace manager assignment", + "in": "path", + "name": "workspaceManagerAssignmentName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerAssignment": { + "description": "The workspace manager assignment", + "in": "body", + "name": "workspaceManagerAssignment", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "x-ms-parameter-location": "method" + }, + "JobName": { + "description": "The job name", + "in": "path", + "name": "jobName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..ab8b91b6b747 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json @@ -0,0 +1,323 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations": { + "get": { + "x-ms-examples": { + "Get all workspace manager configurations for a Sentinel workspace.": { + "$ref": "./examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets all workspace manager configurations for a Sentinel workspace.", + "operationId": "WorkspaceManagerConfigurations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfigurationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Deletes a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager Configuration": { + "$ref": "./examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Creates or updates a workspace manager configuration.", + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfiguration" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerConfiguration": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager configuration", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerConfigurationProperties", + "description": "The workspace manager configuration object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerConfigurationProperties": { + "description": "The workspace manager configuration properties", + "properties": { + "mode": { + "description": "The current mode of the workspace manager configuration", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "mode", + "values": [ + { + "description": "The workspace manager configuration is enabled", + "value": "Enabled" + }, + { + "description": "The workspace manager configuration is disabled", + "value": "Disabled" + } + ] + } + } + }, + "required": [ + "mode" + ], + "type": "object" + }, + "WorkspaceManagerConfigurationList": { + "description": "List all the workspace manager configurations for the workspace.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager configurations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager configurations.", + "items": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerConfigurationName": { + "description": "The name of the workspace manager configuration", + "in": "path", + "name": "workspaceManagerConfigurationName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerConfiguration": { + "description": "The workspace manager configuration", + "in": "body", + "name": "workspaceManagerConfiguration", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json new file mode 100644 index 000000000000..1045b0baad5f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json @@ -0,0 +1,318 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups": { + "get": { + "x-ms-examples": { + "Get all workspace manager groups in the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets all workspace manager groups in the Sentinel workspace manager", + "operationId": "WorkspaceManagerGroups_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroupList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager group": { + "$ref": "./examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets a workspace manager group", + "operationId": "WorkspaceManagerGroups_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Creates or updates a workspace manager group.", + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroup" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Deletes a workspace manager group", + "operationId": "WorkspaceManagerGroups_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerGroup": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager group", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerGroupProperties", + "description": "The workspace manager group object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerGroupProperties": { + "description": "The workspace manager group properties", + "properties": { + "description": { + "description": "The description of the workspace manager group", + "type": "string" + }, + "displayName": { + "description": "The display name of the workspace manager group", + "type": "string" + }, + "memberResourceNames": { + "description": "The names of the workspace manager members participating in this group.", + "items": { + "description": "memberResourceName", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "memberResourceNames" + ], + "type": "object" + }, + "WorkspaceManagerGroupList": { + "description": "List of all the workspace manager groups.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager groups.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager groups.", + "items": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerGroupName": { + "description": "The name of the workspace manager group", + "in": "path", + "name": "workspaceManagerGroupName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerGroup": { + "description": "The workspace manager group object", + "in": "body", + "name": "workspaceManagerGroup", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json new file mode 100644 index 000000000000..a31d5ac0d0e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json @@ -0,0 +1,310 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/": { + "get": { + "x-ms-examples": { + "Get all workspace manager members": { + "$ref": "./examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets all workspace manager members that exist for the given Sentinel workspace manager", + "operationId": "WorkspaceManagerMembers_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMembersList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/GetWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets a workspace manager member", + "operationId": "WorkspaceManagerMembers_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Creates or updates a workspace manager member", + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMember" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Deletes a workspace manager member", + "operationId": "WorkspaceManagerMembers_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerMemberProperties": { + "description": "The workspace manager member properties", + "properties": { + "targetWorkspaceResourceId": { + "description": "Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + }, + "targetWorkspaceTenantId": { + "description": "Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + } + }, + "required": [ + "targetWorkspaceResourceId", + "targetWorkspaceTenantId" + ], + "type": "object" + }, + "WorkspaceManagerMember": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager member", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerMemberProperties", + "description": "The workspace manager member object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerMembersList": { + "description": "List of workspace manager members", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager members", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager members", + "items": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerMemberName": { + "description": "The name of the workspace manager member", + "in": "path", + "name": "workspaceManagerMemberName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerMember": { + "description": "The workspace manager member object", + "in": "body", + "name": "workspaceManagerMember", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json new file mode 100644 index 000000000000..559735ed160f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json @@ -0,0 +1,81 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common Alert types" + }, + "paths": {}, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "definitions": { + "AlertSeverityEnum": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "Reconnaissance", + "ResourceDevelopment", + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack", + "ImpairProcessControl", + "InhibitResponseFunction" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json new file mode 100644 index 000000000000..5b4aa02c1ede --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json @@ -0,0 +1,637 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common content metadata types" + }, + "paths": {}, + "definitions": { + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a metadata, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataDisplayName": { + "description": "DisplayName of the content.", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataPackageKind": { + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "packageKind", + "values": [ + { + "value": "Solution" + }, + { + "value": "Standalone" + } + ] + } + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "kind", + "values": [ + { + "value": "DataConnector" + }, + { + "value": "DataType" + }, + { + "value": "Workbook" + }, + { + "value": "WorkbookTemplate" + }, + { + "value": "Playbook" + }, + { + "value": "PlaybookTemplate" + }, + { + "value": "AnalyticsRuleTemplate" + }, + { + "value": "AnalyticsRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "InvestigationQuery" + }, + { + "value": "Parser" + }, + { + "value": "Watchlist" + }, + { + "value": "WatchlistTemplate" + }, + { + "value": "Solution" + }, + { + "value": "AzureFunction" + }, + { + "value": "LogicAppsCustomConnector" + }, + { + "value": "AutomationRule" + } + ] + } + }, + "metadataTrueFalseFlag": { + "type": "string", + "description": "The boolean value the metadata is for.", + "enum": [ + "true", + "false" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "flag", + "values": [ + { + "value": "true" + }, + { + "value": "false" + } + ] + } + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", + "$ref": "#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "x-ms-identifiers": [ + "contentId" + ], + "example": [ + { + "kind": "DataConnector", + "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877", + "version": "1.0.0" + }, + { + "kind": "Workbook", + "contentId": "ad903b46-9905-4504-9825-3bcce796da8e", + "version": "1.0.0" + } + ] + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "metadataFirstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataLastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. this id can later be fetched from the metadata", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataTags": { + "description": "the tags assigned to the resource", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "templateBaseProperties": { + "description": "Template property bag.", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + }, + "packageId": { + "$ref": "#/definitions/metadataContentId", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "the name of the package contains this template" + } + } + }, + "packageBaseProperties": { + "description": "Describes package properties", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is among the featured list." + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "the latest version number of the package" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the package" + }, + "description": { + "description": "The description of the package", + "type": "string" + }, + "publisherDisplayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the package item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date package item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json new file mode 100644 index 000000000000..0832016148ca --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json @@ -0,0 +1,2550 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common Entity types" + }, + "paths": {}, + "definitions": { + "AccountEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "description": "The Azure Active Directory tenant id.", + "readOnly": true, + "type": "string" + }, + "aadUserId": { + "description": "The Azure Active Directory user id.", + "readOnly": true, + "type": "string" + }, + "accountName": { + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name of the account.", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this is a domain account.", + "readOnly": true, + "type": "boolean" + }, + "ntDomain": { + "description": "The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "puid": { + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true, + "type": "string" + }, + "upnSuffix": { + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The fully qualified domain DNS name.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "AzureResourceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "description": "The azure resource id of the resource", + "readOnly": true, + "type": "string" + }, + "subscriptionId": { + "description": "The subscription id of the resource", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "CloudApplicationEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "description": "The technical identifier of the application.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "appName": { + "description": "The name of the related cloud application.", + "readOnly": true, + "type": "string" + }, + "instanceName": { + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "DnsEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true, + "type": "string" + }, + "domainName": { + "description": "The name of the dns record associated with the alert", + "readOnly": true, + "type": "string" + }, + "hostIpAddressEntityId": { + "description": "An ip entity id for the dns request client", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityIds": { + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "description": "Ip entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "Entity": { + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "properties": { + "kind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the entity." + } + }, + "description": "Specific entity.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": true, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "EntityInnerKind": { + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail", + "Nic" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityKindEnum", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns resolution in the system.", + "value": "DnsResolution" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "Ip" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "Url" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents bookmark in the system.", + "value": "Bookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" + } + ] + } + }, + "EntityInnerType": { + "description": "The type of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DNS", + "FileHash", + "IP", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "IoTDevice", + "SecurityAlert", + "HuntingBookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail", + "Nic" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityType", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns in the system.", + "value": "DNS" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "IP" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "URL" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents HuntingBookmark in the system.", + "value": "HuntingBookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" + } + ] + } + }, + "EntityQueryKind": { + "description": "The kind of the entity query", + "enum": [ + "Expansion", + "Insight", + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryKind", + "values": [ + { + "value": "Expansion" + }, + { + "value": "Insight" + }, + { + "value": "Activity" + } + ] + } + }, + "ExpansionResultAggregation": { + "description": "Information of a specific aggregation in the expansion result.", + "properties": { + "aggregationType": { + "description": "The common type of the aggregation. (for e.g. entity field name)", + "type": "string" + }, + "count": { + "description": "Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.", + "type": "integer", + "format": "int32" + }, + "displayName": { + "description": "The display name of the aggregation by type.", + "type": "string" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "ExpansionResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "aggregations": { + "description": "Information of the aggregated nodes in the expansion result.", + "items": { + "$ref": "#/definitions/ExpansionResultAggregation" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "FileEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "File entity property bag.", + "properties": { + "directory": { + "description": "The full path to the file.", + "readOnly": true, + "type": "string" + }, + "fileHashEntityIds": { + "description": "The file hash entity identifiers associated with this file", + "items": { + "description": "file hash id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "fileName": { + "description": "The file name without path (some alerts might not include path).", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id which the file belongs to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FileHashEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileHashAlgorithm", + "values": [ + { + "description": "Unknown hash algorithm", + "value": "Unknown" + }, + { + "description": "MD5 hash type", + "value": "MD5" + }, + { + "description": "SHA1 hash type", + "value": "SHA1" + }, + { + "description": "SHA256 hash type", + "value": "SHA256" + }, + { + "description": "SHA256 Authenticode hash type", + "value": "SHA256AC" + } + ] + } + }, + "hashValue": { + "description": "The file hash value.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HostEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Host entity property bag.", + "properties": { + "azureID": { + "description": "The azure resource id of the VM.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true, + "type": "string" + }, + "hostName": { + "description": "The hostname without the domain suffix.", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this host belongs to a domain.", + "readOnly": true, + "type": "boolean" + }, + "netBiosName": { + "description": "The host name (pre-windows2000).", + "readOnly": true, + "type": "string" + }, + "ntDomain": { + "description": "The NT domain that this host belongs to.", + "readOnly": true, + "type": "string" + }, + "omsAgentID": { + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true, + "type": "string" + }, + "osFamily": { + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "OSFamily", + "values": [ + { + "description": "Host with Linux operating system.", + "value": "Linux" + }, + { + "description": "Host with Windows operating system.", + "value": "Windows" + }, + { + "description": "Host with Android operating system.", + "value": "Android" + }, + { + "description": "Host with IOS operating system.", + "value": "IOS" + }, + { + "description": "Host with Unknown operating system.", + "value": "Unknown" + } + ] + } + }, + "osVersion": { + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HuntingBookmark": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "eventTime": { + "description": "The time of the event", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "incidentInfo": { + "$ref": "IncidentTypes.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "deviceName": { + "description": "The friendly name of the device", + "readOnly": true, + "type": "string" + }, + "source": { + "description": "The source of the device", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "macAddress": { + "description": "The MAC address of the device", + "readOnly": true, + "type": "string" + }, + "model": { + "description": "The model of the device", + "readOnly": true, + "type": "string" + }, + "serialNumber": { + "description": "The serial number of the device", + "readOnly": true, + "type": "string" + }, + "firmwareVersion": { + "description": "The firmware version of the device", + "readOnly": true, + "type": "string" + }, + "operatingSystem": { + "description": "The operating system of the device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity if of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "protocols": { + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "owners": { + "description": "A list of owners of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "nicEntityIds": { + "description": "A list of Nic entity ids of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "site": { + "description": "The site of the device", + "readOnly": true, + "type": "string" + }, + "zone": { + "description": "The zone location of the device within a site", + "readOnly": true, + "type": "string" + }, + "sensor": { + "description": "The sensor the device is monitored by", + "readOnly": true, + "type": "string" + }, + "deviceSubType": { + "description": "The subType of the device ('PLC', 'HMI', 'EWS', etc.)", + "readOnly": true, + "type": "string" + }, + "importance": { + "description": "Device importance, determines if the device classified as 'crown jewel'", + "enum": [ + "Unknown", + "Low", + "Normal", + "High" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeviceImportance", + "values": [ + { + "description": "Unknown - Default value", + "value": "Unknown" + }, + { + "description": "Low", + "value": "Low" + }, + { + "description": "Normal", + "value": "Normal" + }, + { + "description": "High", + "value": "High" + } + ] + } + }, + "purdueLayer": { + "description": "The Purdue Layer of the device", + "readOnly": true, + "type": "string" + }, + "isAuthorized": { + "description": "Determines whether the device classified as authorized device", + "readOnly": true, + "type": "boolean" + }, + "isProgramming": { + "description": "Determines whether the device classified as programming device", + "readOnly": true, + "type": "boolean" + }, + "isScanner": { + "description": "Is the device classified as a scanner device", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "IpEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Ip entity property bag.", + "properties": { + "address": { + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true, + "type": "string" + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "GeoLocation": { + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "description": "Autonomous System Number", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "city": { + "description": "City name", + "readOnly": true, + "type": "string" + }, + "countryCode": { + "description": "The country code according to ISO 3166 format", + "readOnly": true, + "type": "string" + }, + "countryName": { + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true, + "type": "string" + }, + "latitude": { + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "longitude": { + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "state": { + "description": "State name", + "readOnly": true, + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "MailboxEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "description": "The mailbox's primary address", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The mailbox's display name", + "readOnly": true, + "type": "string" + }, + "upn": { + "description": "The mailbox's UPN", + "readOnly": true, + "type": "string" + }, + "externalDirectoryObjectId": { + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "format": "uuid", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailClusterEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "description": "A mail message ID", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true, + "type": "object" + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true, + "type": "object" + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true, + "type": "object" + }, + "threats": { + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "description": "A threat", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "query": { + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true, + "type": "string" + }, + "queryTime": { + "description": "The query time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "mailCount": { + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "isVolumeAnomaly": { + "description": "Is this a volume anomaly mail cluster", + "readOnly": true, + "type": "boolean" + }, + "source": { + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true, + "type": "string" + }, + "clusterSourceIdentifier": { + "description": "The id of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterSourceType": { + "description": "The type of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterQueryStartTime": { + "description": "The cluster query start time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterQueryEndTime": { + "description": "The cluster query end time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterGroup": { + "description": "The cluster group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailMessageEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "recipient": { + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true, + "type": "string" + }, + "urls": { + "description": "The Urls contained in this mail message", + "items": { + "description": "A Url contained in this mail message", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "threats": { + "description": "The threats of this mail message", + "items": { + "description": "A threat of the mail message", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "p1Sender": { + "description": "The p1 sender's email address", + "readOnly": true, + "type": "string" + }, + "p1SenderDisplayName": { + "description": "The p1 sender's display name", + "readOnly": true, + "type": "string" + }, + "p1SenderDomain": { + "description": "The p1 sender's domain", + "readOnly": true, + "type": "string" + }, + "senderIP": { + "description": "The sender's IP address", + "readOnly": true, + "type": "string" + }, + "p2Sender": { + "description": "The p2 sender's email address", + "readOnly": true, + "type": "string" + }, + "p2SenderDisplayName": { + "description": "The p2 sender's display name", + "readOnly": true, + "type": "string" + }, + "p2SenderDomain": { + "description": "The p2 sender's domain", + "readOnly": true, + "type": "string" + }, + "receiveDate": { + "description": "The receive date of this message", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "networkMessageId": { + "description": "The network message id of this mail message", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "internetMessageId": { + "description": "The internet message id of this mail message", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of this mail message", + "readOnly": true, + "type": "string" + }, + "language": { + "description": "The language of this mail message", + "readOnly": true, + "type": "string" + }, + "threatDetectionMethods": { + "description": "The threat detection methods", + "items": { + "description": "A threat detection method", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "bodyFingerprintBin1": { + "description": "The bodyFingerprintBin1", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin2": { + "description": "The bodyFingerprintBin2", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin3": { + "description": "The bodyFingerprintBin3", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin4": { + "description": "The bodyFingerprintBin4", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin5": { + "description": "The bodyFingerprintBin5", + "type": "integer", + "format": "int32" + }, + "antispamDirection": { + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AntispamMailDirection", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbound", + "value": "Inbound" + }, + { + "description": "Outbound", + "value": "Outbound" + }, + { + "description": "Intraorg", + "value": "Intraorg" + } + ] + } + }, + "deliveryAction": { + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryAction", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "DeliveredAsSpam", + "value": "DeliveredAsSpam" + }, + { + "description": "Delivered", + "value": "Delivered" + }, + { + "description": "Blocked", + "value": "Blocked" + }, + { + "description": "Replaced", + "value": "Replaced" + } + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" + }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + "reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "severity": { + "$ref": "AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity of the alert", + "type": "string" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": "Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "NicEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an network interface entity.", + "properties": { + "properties": { + "$ref": "#/definitions/NicEntityProperties", + "description": "Network interface entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Nic" + }, + "NicEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Nic entity property bag.", + "properties": { + "macAddress": { + "description": "The MAC address of this network interface", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity id of this network interface", + "readOnly": true, + "type": "string" + }, + "vlans": { + "description": "A list of VLANs of the network interface entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json new file mode 100644 index 000000000000..14a806c690eb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json @@ -0,0 +1,246 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common Incident types" + }, + "paths": {}, + "definitions": { + "IncidentClassificationEnum": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "IncidentClassificationReasonEnum": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType" + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentLabelType": { + "description": "The type of the label", + "enum": [ + "User", + "AutoAssigned" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "AutoAssigned" + } + ] + } + }, + "IncidentSeverityEnum": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "IncidentStatusEnum": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the incident is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The incident owner type is unknown", + "value": "Unknown" + }, + { + "description": "The incident owner type is an AAD user", + "value": "User" + }, + { + "description": "The incident owner type is an AAD group", + "value": "Group" + } + ] + } + } + }, + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "type": "string", + "$ref": "#/definitions/IncidentSeverityEnum" + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json new file mode 100644 index 000000000000..89961de0855f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json @@ -0,0 +1,95 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common Relation types" + }, + "paths": {}, + "definitions": { + "RelationList": { + "description": "List of relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/Relation" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "allOf": [ + { + "$ref": "../../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + } + } + }, + "RelationProperties": { + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "description": "The resource ID of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceType": { + "description": "The resource type of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceKind": { + "description": "The resource kind of the related resource", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + } + }, + "parameters": { + "RelationName": { + "name": "relationName", + "in": "path", + "required": true, + "type": "string", + "description": "Relation Name", + "x-ms-parameter-location": "method" + }, + "Relation": { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json new file mode 100644 index 000000000000..ddb2849a0d38 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json @@ -0,0 +1,48 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-08-01-preview", + "title": "Common Relation types" + }, + "paths": {}, + "definitions": { + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json new file mode 100644 index 000000000000..ee95e9c2f4ba --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json @@ -0,0 +1,737 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { + "get": { + "x-ms-examples": { + "Get all data connector definitions.": { + "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets all data connector definitions.", + "operationId": "DataConnectorDefinitions_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { + "get": { + "x-ms-examples": { + "Get customize data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets a data connector definition.", + "operationId": "DataConnectorDefinitions_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Creates or updates the data connector definition.", + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "in": "body", + "name": "connectorDefinitionInput", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + }, + "description": "The data connector definition", + "x-ms-parameter-location": "method" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Delete the data connector definition.", + "operationId": "DataConnectorDefinitions_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "ConnectorDefinitionsAvailability": { + "description": "The exposure status of the connector to the customers.", + "type": "object", + "properties": { + "status": { + "$ref": "#/definitions/AvailabilityStatus" + }, + "isPreview": { + "description": "Gets or sets a value indicating whether the connector is preview.", + "type": "boolean" + } + } + }, + "AvailabilityStatus": { + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal).", + "type": "integer", + "format": "int32" + }, + "ConnectivityCriterion": { + "description": "The criteria by which we determine whether the connector is connected or not.\r\nFor Example, use a KQL query to check if the expected data type is flowing).", + "required": [ + "type" + ], + "type": "object", + "properties": { + "type": { + "description": "Gets or sets the type of connectivity.", + "type": "string" + }, + "value": { + "description": "Gets or sets the queries for checking connectivity.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ConnectorDataType": { + "description": "The data type which is created by the connector,\r\nincluding a query indicated when was the last time that data type was received in the workspace.", + "required": [ + "lastDataReceivedQuery", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the name of the data type to show in the graph.", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Gets or sets the query to indicate when relevant data was last received in the workspace.", + "type": "string" + } + } + }, + "DataConnectorDefinition": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "required": [ + "kind" + ], + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorDefinitionKind", + "description": "The data connector kind", + "type": "string" + } + }, + "discriminator": "kind" + }, + "DataConnectorDefinitionKind": { + "description": "The kind of the data connector definitions", + "enum": [ + "Customizable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorDefinitionKind", + "values": [ + { + "value": "Customizable" + } + ] + } + }, + "DataConnectorDefinitionArmCollectionWrapper": { + "type": "object", + "description": "Encapsulate the data connector definition object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "CustomizableConnectorDefinition": { + "description": "Connector definition for kind 'Customizable'.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDefinition" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", + "description": "Customizable properties.", + "x-ms-client-flatten": true + } + }, + "x-ms-discriminator-value": "Customizable" + }, + "CustomizableConnectorDefinitionProperties": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "type": "object", + "required": [ + "connectorUiConfig" + ], + "properties": { + "createdTimeUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format.", + "type": "string" + }, + "lastModifiedUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format.", + "type": "string" + }, + "connectorUiConfig": { + "$ref": "#/definitions/CustomizableConnectorUiConfig" + }, + "connectionsConfig": { + "$ref": "#/definitions/CustomizableConnectionsConfig" + } + } + }, + "CustomizableConnectionsConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "templateSpecVersion", + "templateSpecName" + ], + "type": "object", + "properties": { + "templateSpecName": { + "description": "Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates.", + "type": "string" + }, + "templateSpecVersion": { + "description": "Gets or sets the template version.", + "type": "string" + } + } + }, + "CustomizableConnectorUiConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "dataTypes", + "descriptionMarkdown", + "graphQueries", + "instructionSteps", + "permissions", + "publisher", + "sampleQueries", + "title", + "connectivityCriteria" + ], + "type": "object", + "properties": { + "id": { + "description": "Gets or sets custom connector id. optional field.", + "type": "string" + }, + "title": { + "description": "Gets or sets the connector blade title.", + "type": "string" + }, + "publisher": { + "description": "Gets or sets the connector publisher name.", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Gets or sets the connector description in markdown format.", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Gets or sets the name of the table the connector will insert the data to.\r\nThis name can be used in other queries by specifying {{graphQueriesTableName}} placeholder\r\n in Query and LastDataReceivedQuery values.", + "type": "string" + }, + "graphQueries": { + "description": "Gets or sets the graph queries to show the current data volume over time.", + "type": "array", + "items": { + "$ref": "#/definitions/GraphQuery" + }, + "x-ms-identifiers": [] + }, + "sampleQueries": { + "description": "Gets or sets the sample queries for the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/SampleQuery" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "description": "Gets or sets the data types to check for last data received.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDataType" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + "description": "Gets or sets the way the connector checks whether the connector is connected.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectivityCriterion" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/ConnectorDefinitionsAvailability" + }, + "permissions": { + "$ref": "#/definitions/ConnectorDefinitionsPermissions" + }, + "instructionSteps": { + "description": "Gets or sets the instruction steps to enable the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + }, + "logo": { + "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\r\nThe logo value should be in SVG format.", + "type": "string" + }, + "isConnectivityCriteriasMatchSome": { + "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items.", + "type": "boolean" + } + } + }, + "CustomPermissionDetails": { + "description": "The Custom permissions required for the connector.", + "required": [ + "description", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the custom permissions name.", + "type": "string" + }, + "description": { + "description": "Gets or sets the custom permissions description.", + "type": "string" + } + } + }, + "GraphQuery": { + "description": "The graph query to show the volume of data arriving into the workspace over time.", + "required": [ + "baseQuery", + "legend", + "metricName" + ], + "type": "object", + "properties": { + "metricName": { + "description": "Gets or sets the metric name that the query is checking. For example: 'Total data receive'.", + "type": "string" + }, + "legend": { + "description": "Gets or sets the legend for the graph.", + "type": "string" + }, + "baseQuery": { + "description": "Gets or sets the base query for the graph.\r\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time.", + "type": "string" + } + } + }, + "InstructionStep": { + "description": "Instruction steps to enable the connector.", + "type": "object", + "properties": { + "title": { + "description": "Gets or sets the instruction step title.", + "type": "string" + }, + "description": { + "description": "Gets or sets the instruction step description.", + "type": "string" + }, + "instructions": { + "description": "Gets or sets the instruction step details.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStepDetails" + }, + "x-ms-identifiers": [] + }, + "innerSteps": { + "description": "Gets or sets the inner instruction steps details.\r\nFoe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepDetails": { + "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", + "required": [ + "parameters", + "type" + ], + "type": "object", + "properties": { + "parameters": { + "description": "Gets or sets the instruction type parameters settings.", + "type": "object" + }, + "type": { + "description": "Gets or sets the instruction type name.", + "type": "string" + } + } + }, + "ConnectorDefinitionsPermissions": { + "description": "The required Permissions for the connector.", + "type": "object", + "properties": { + "tenant": { + "description": "Gets or sets the required tenant permissions for the connector.", + "type": "array", + "items": { + "type": "string" + } + }, + "licenses": { + "description": "Gets or sets the required licenses for the user to create connections.", + "type": "array", + "items": { + "type": "string" + } + }, + "resourceProvider": { + "description": "Gets or sets the resource provider permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" + }, + "x-ms-identifiers": [] + }, + "customs": { + "description": "Gets or sets the customs permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionDetails" + }, + "x-ms-identifiers": [] + } + } + }, + "ProviderPermissionsScope": { + "description": "The scope on which the user should have permissions, in order to be able to create connections.", + "enum": [ + "Subscription", + "ResourceGroup", + "Workspace" + ], + "type": "string", + "example": "Subscription", + "x-ms-enum": { + "name": "ProviderPermissionsScope", + "modelAsString": true, + "values": [ + { + "value": "Subscription" + }, + { + "value": "ResourceGroup" + }, + { + "value": "Workspace" + } + ] + } + }, + "ConnectorDefinitionsResourceProvider": { + "description": "The resource provider details include the required permissions for the user to create connections.\r\nThe user should have the required permissions(Read\\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.", + "required": [ + "permissionsDisplayText", + "provider", + "providerDisplayName", + "requiredPermissions", + "scope" + ], + "type": "object", + "properties": { + "provider": { + "description": "Gets or sets the provider name.", + "type": "string" + }, + "permissionsDisplayText": { + "description": "Gets or sets the permissions description text.", + "type": "string" + }, + "providerDisplayName": { + "description": "Gets or sets the permissions provider display name.", + "type": "string" + }, + "scope": { + "$ref": "#/definitions/ProviderPermissionsScope" + }, + "requiredPermissions": { + "$ref": "#/definitions/ResourceProviderRequiredPermissions" + } + } + }, + "ResourceProviderRequiredPermissions": { + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\r\nFor more information about the permissions see here.", + "type": "object", + "properties": { + "read": { + "description": "Gets or sets a value indicating whether the permission is read action (GET).", + "type": "boolean" + }, + "write": { + "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH).", + "type": "boolean" + }, + "delete": { + "description": "Gets or sets a value indicating whether the permission is delete action (DELETE).", + "type": "boolean" + }, + "action": { + "description": "Gets or sets a value indicating whether the permission is custom actions (POST).", + "type": "boolean" + } + } + }, + "SampleQuery": { + "description": "The sample queries for the connector.", + "required": [ + "description", + "query" + ], + "type": "object", + "properties": { + "description": { + "description": "Gets or sets the sample query description.", + "type": "string" + }, + "query": { + "description": "Gets or sets the KQL sample query.", + "type": "string" + } + } + } + }, + "parameters": { + "dataConnectorDefinitionName": { + "in": "path", + "name": "dataConnectorDefinitionName", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json new file mode 100644 index 000000000000..8ec92c639d81 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json @@ -0,0 +1,3118 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a MCAS data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AADIP (Azure Active Directory Identity Protection) data connector": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an Aws S3 data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesS3ById.json" + }, + "Get an AATP data connector": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get an Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get an Office IRM data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json" + }, + "Get an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/GetOffice365ProjectDataConnetorById.json" + }, + "Get a MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json" + }, + "Get an Office365 PowerBI data connector": { + "$ref": "./examples/dataConnectors/GetOfficePowerBIDataConnetorById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a GenericUI data connector": { + "$ref": "./examples/dataConnectors/GetGenericUI.json" + }, + "Get a APIPolling data connector": { + "$ref": "./examples/dataConnectors/GetAPIPolling.json" + }, + "Get a IoT data connector": { + "$ref": "./examples/dataConnectors/GetIoTById.json" + }, + "Get a GCP data connector": { + "$ref": "./examples/dataConnectors/GetGoogleCloudPlatformById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Office365 data connector": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/CreateOffice365ProjectDataConnetor.json" + }, + "Creates or updates an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Creates or updates a Microsoft Threat Intelligence data connector.": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" + }, + "Creates or updates an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/CreateOfficePowerBIDataConnector.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + }, + "Creates or updates a GenericUI data connector": { + "$ref": "./examples/dataConnectors/CreateGenericUI.json" + }, + "Creates or updates a APIPolling data connector": { + "$ref": "./examples/dataConnectors/CreateAPIPolling.json" + }, + "Creates or updates a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json" + }, + "Creates or updates a GCP data connector": { + "$ref": "./examples/dataConnectors/CreateGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Delete an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json" + }, + "Delete an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Delete an MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" + }, + "Delete an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json" + }, + "Delete a GenericUI data connector": { + "$ref": "./examples/dataConnectors/DeleteGenericUI.json" + }, + "Delete a APIPolling data connector": { + "$ref": "./examples/dataConnectors/DeleteAPIPolling.json" + }, + "Delete a GCP data connector": { + "$ref": "./examples/dataConnectors/DeleteGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect": { + "post": { + "x-ms-examples": { + "Connect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPolling.json" + }, + "Connect an APIPolling V2 logs data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPollingV2Logs.json" + } + }, + "tags": [ + "Data Connectors Connect" + ], + "description": "Connects a data connector.", + "operationId": "DataConnectors_Connect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnectorConnectBody" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect": { + "post": { + "x-ms-examples": { + "Disconnect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/DisconnectAPIPolling.json" + } + }, + "tags": [ + "Data Connectors Disconnect" + ], + "description": "Disconnect a data connector.", + "operationId": "DataConnectors_Disconnect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements": { + "post": { + "x-ms-examples": { + "Check requirements for TI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligence.json" + }, + "Check requirements for TI Taxii.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection).": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json" + }, + "Check requirements for ASC.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json" + }, + "Check requirements for Mcas.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json" + }, + "Check requirements for Mdatp.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMdatp.json" + }, + "Check requirements for OfficeATP.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeATP.json" + }, + "Check requirements for OfficeIRM.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeIRM.json" + }, + "Check requirements for Office365Project.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOffice365Project.json" + }, + "Check requirements for MicrosoftPurviewInformationProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json" + }, + "Check requirements for OfficePowerBI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficePowerBI.json" + }, + "Check requirements for Dynamics365.": { + "$ref": "./examples/dataConnectors/CheckRequirementsDynamics365.json" + }, + "Check requirements for MicrosoftThreatProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json" + }, + "Check requirements for MicrosoftThreatIntelligence.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json" + }, + "Check requirements for IoT.": { + "$ref": "./examples/dataConnectors/CheckRequirementsIoT.json" + } + }, + "tags": [ + "Check Data Connector Requirements" + ], + "description": "Get requirements state for a data connector type.", + "operationId": "DataConnectorsCheckRequirements_Post", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorsCheckRequirementsBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnectorRequirementsState" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AADCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AADIP (Azure Active Directory Identity Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AADCheckRequirementsProperties", + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "type": "object" + }, + "AATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPCheckRequirementsProperties", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "ASCCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents ASC (Azure Security Center) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCCheckRequirementsProperties", + "description": "ASC (Azure Security Center) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCCheckRequirementsProperties": { + "description": "ASC (Azure Security Center) requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services CloudTrail requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsS3CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services S3 requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "DataConnectorsCheckRequirements": { + "description": "Data connector requirements properties.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Describes the kind of connector to be checked.", + "type": "string" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "DataConnectorAuthorizationState": { + "description": "Describes the state of user's authorization for a connector kind.", + "enum": [ + "Valid", + "Invalid" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorAuthorizationState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + } + ] + } + }, + "DataConnectorLicenseState": { + "description": "Describes the state of user's license for a connector kind.", + "enum": [ + "Valid", + "Invalid", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorLicenseState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + }, + { + "value": "Unknown" + } + ] + } + }, + "DataConnectorRequirementsState": { + "description": "Data connector requirements status.", + "properties": { + "authorizationState": { + "description": "Authorization state for this connector", + "$ref": "#/definitions/DataConnectorAuthorizationState" + }, + "licenseState": { + "description": "License state for this connector", + "$ref": "#/definitions/DataConnectorLicenseState" + } + }, + "type": "object" + }, + "Dynamics365CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Dynamics365 requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365CheckRequirementsProperties", + "description": "Dynamics365 requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365CheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 requirements check properties.", + "type": "object" + }, + "MCASCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASCheckRequirementsProperties", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "type": "object" + }, + "MDATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPCheckRequirementsProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "MSTICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Microsoft Threat Intelligence requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTICheckRequirementsProperties", + "description": "Microsoft Threat Intelligence requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence requirements check properties.", + "type": "object" + }, + "MtpCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPCheckRequirementsProperties", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPCheckRequirementsProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeIRMCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMCheckRequirementsProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "type": "object" + }, + "MicrosoftPurviewInformationProtectionCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MicrosoftPurviewInformationProtection requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "type": "object" + }, + "Office365ProjectCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office365 Project requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectCheckRequirementsProperties", + "description": "Office365 Project requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office365 Project requirements check properties.", + "type": "object" + }, + "OfficePowerBICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office PowerBI requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBICheckRequirementsProperties", + "description": "Office Power BI requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office PowerBI requirements check properties.", + "type": "object" + }, + "TICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence Platforms data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TICheckRequirementsProperties", + "description": "Threat Intelligence Platforms data connector check required properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence Platforms data connector required properties.", + "properties": {}, + "type": "object" + }, + "TiTaxiiCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence TAXII data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiCheckRequirementsProperties", + "description": "Threat Intelligence TAXII check required properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector required properties.", + "type": "object" + }, + "IoTCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents IoT requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTCheckRequirementsProperties", + "description": "IoT requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IOT" + }, + "IoTCheckRequirementsProperties": { + "description": "IoT requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AADIP (Azure Active Directory Identity Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "type": "object" + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "MSTIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "microsoftEmergingThreatFeed": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + } + }, + "type": "object", + "required": [ + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "MTPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPDataConnectorProperties", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Protection Platforms data connector.", + "properties": { + "incidents": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Incidents data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + }, + "alerts": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Alerts data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "incidents" + ] + }, + "MtpProvider": { + "description": "The available data providers.", + "enum": [ + "microsoftDefenderForCloudApps", + "microsoftDefenderForIdentity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MtpProvider" + } + }, + "MtpFilteredProviders": { + "description": "Represents the connector's Filtered providers", + "properties": { + "alerts": { + "description": "Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state.", + "items": { + "$ref": "#/definitions/MtpProvider" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "MTPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MTPDataConnectorDataTypes", + "description": "The available data types for the connector." + }, + "filteredProviders": { + "$ref": "#/definitions/MtpFilteredProviders", + "description": "The available filtered providers for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "AwsS3DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services S3 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsS3DataConnectorProperties", + "description": "Amazon Web Services S3 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "AwsS3DataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services S3 data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsS3DataConnectorProperties": { + "description": "Amazon Web Services S3 data connector properties.", + "properties": { + "destinationTable": { + "description": "The logs destination table name in LogAnalytics.", + "type": "string" + }, + "sqsUrls": { + "description": "The AWS sqs urls for the connector.", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "AWS sqs url.", + "type": "string" + } + }, + "roleArn": { + "description": "The Aws Role Arn that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsS3DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "destinationTable", + "sqsUrls", + "roleArn", + "dataTypes" + ] + }, + "GCPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Google Cloud Platform data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/GCPDataConnectorProperties", + "description": "Google Cloud Platform data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "GCP" + }, + "GCPDataConnectorProperties": { + "description": "Google Cloud Platform data connector properties.", + "properties": { + "connectorDefinitionName": { + "description": "The name of the connector definition that represents the UI config.", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/GCPAuthProperties", + "description": "The auth section of the connector." + }, + "request": { + "$ref": "#/definitions/GCPRequestProperties", + "description": "The request section of the connector." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The configuration of the destination of the data." + } + }, + "type": "object", + "required": [ + "connectorDefinitionName", + "auth", + "request" + ] + }, + "GCPAuthProperties": { + "description": "Google Cloud Platform auth section properties.", + "properties": { + "serviceAccountEmail": { + "description": "The service account that is used to access the GCP project.", + "type": "string" + }, + "projectNumber": { + "description": "The GCP project number.", + "type": "string" + }, + "workloadIdentityProviderId": { + "description": "The workload identity provider id that is used to gain access to the GCP project.", + "type": "string" + } + }, + "type": "object", + "required": [ + "serviceAccountEmail", + "projectNumber", + "workloadIdentityProviderId" + ] + }, + "GCPRequestProperties": { + "description": "Google Cloud Platform request section properties.", + "properties": { + "projectId": { + "description": "The GCP project id.", + "type": "string" + }, + "subscriptionNames": { + "description": "The GCP pub/sub subscription names.", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "GCP pub/sub subscription name.", + "type": "string" + } + } + }, + "type": "object", + "required": [ + "projectId", + "subscriptionNames" + ] + }, + "DCRConfiguration": { + "description": "The configuration of the destination of the data.", + "properties": { + "dataCollectionEndpoint": { + "description": "Represents the data collection ingestion endpoint in log analytics.", + "type": "string" + }, + "dataCollectionRuleImmutableId": { + "description": "The data collection rule immutable id, the rule defines the transformation and data destination.", + "type": "string" + }, + "streamName": { + "description": "The stream we are sending the data to.", + "type": "string" + } + }, + "type": "object", + "required": [ + "dataCollectionEndpoint", + "dataCollectionRuleImmutableId", + "streamName" + ] + }, + "DataConnector": { + "description": "Data connector", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "The data connector kind", + "type": "string" + } + }, + "type": "object" + }, + "DataConnectorDataTypeCommon": { + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataTypeState" + } + } + }, + "type": "object", + "required": [ + "state" + ] + }, + "DataConnectorWithAlertsProperties": { + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "DataConnectorKind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "Office365", + "OfficeATP", + "OfficeIRM", + "Office365Project", + "MicrosoftPurviewInformationProtection", + "OfficePowerBI", + "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "Dynamics365", + "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", + "GenericUI", + "APIPolling", + "IOT", + "GCP" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "ThreatIntelligenceTaxii" + }, + { + "value": "Office365" + }, + { + "value": "OfficeATP" + }, + { + "value": "OfficeIRM" + }, + { + "value": "Office365Project" + }, + { + "value": "MicrosoftPurviewInformationProtection" + }, + { + "value": "OfficePowerBI" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AmazonWebServicesS3" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "value": "Dynamics365" + }, + { + "value": "MicrosoftThreatProtection" + }, + { + "value": "MicrosoftThreatIntelligence" + }, + { + "value": "GenericUI" + }, + { + "value": "APIPolling" + }, + { + "value": "IOT" + }, + { + "value": "GCP" + } + ] + } + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": "#/definitions/DataConnector" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "DataConnectorTenantId": { + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object", + "required": [ + "tenantId" + ] + }, + "MCASDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ], + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "type": "object" + }, + "MCASDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "Dynamics365DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Dynamics365 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365DataConnectorProperties", + "description": "Dynamics365 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365DataConnectorDataTypes": { + "description": "The available data types for Dynamics365 data connector.", + "properties": { + "dynamics365CdsActivities": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Common Data Service data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "dynamics365CdsActivities" + ] + }, + "Dynamics365DataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "OfficeATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPDataConnectorProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "MicrosoftPurviewInformationProtectionDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Purview Information Protection data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionDataConnectorProperties", + "description": "Microsoft Purview Information Protection data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionConnectorDataTypes": { + "description": "The available data types for Microsoft Purview Information Protection data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "MicrosoftPurviewInformationProtectionDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Purview Information Protection data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "Office365ProjectDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Office Microsoft Project data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectDataConnectorProperties", + "description": "Office Microsoft Project data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectConnectorDataTypes": { + "description": "The available data types for Office Microsoft Project data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "Office365ProjectDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office Microsoft Project data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Office365ProjectConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "OfficePowerBIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Office Microsoft PowerBI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBIDataConnectorProperties", + "description": "Office Microsoft PowerBI data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBIConnectorDataTypes": { + "description": "The available data types for Office Microsoft PowerBI data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "OfficePowerBIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office Microsoft PowerBI data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficePowerBIConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "OfficeIRMDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMDataConnectorProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "type": "object" + }, + "MDATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "OfficeDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Exchange data type connection.", + "type": "object" + }, + "sharePoint": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "SharePoint data type connection.", + "type": "object" + }, + "teams": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Teams data type connection.", + "type": "object" + } + }, + "required": [ + "exchange", + "sharePoint", + "teams" + ], + "type": "object" + }, + "OfficeDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "TIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for indicators connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "indicators" + ] + }, + "TIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "TiTaxiiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiDataConnectorProperties", + "description": "Threat intelligence TAXII data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiDataConnectorDataTypes": { + "description": "The available data types for Threat Intelligence TAXII data connector.", + "properties": { + "taxiiClient": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for TAXII connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "taxiiClient" + ] + }, + "TiTaxiiDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector properties.", + "properties": { + "workspaceId": { + "description": "The workspace id.", + "type": "string" + }, + "friendlyName": { + "description": "The friendly name for the TAXII server.", + "type": "string" + }, + "taxiiServer": { + "description": "The API root for the TAXII server.", + "type": "string" + }, + "collectionId": { + "description": "The collection id of the TAXII server.", + "type": "string" + }, + "userName": { + "description": "The userName for the TAXII server.", + "type": "string" + }, + "password": { + "description": "The password for the TAXII server.", + "type": "string" + }, + "taxiiLookbackPeriod": { + "description": "The lookback period for the TAXII server.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "pollingFrequency": { + "description": "The polling frequency for the TAXII server.", + "type": "string", + "x-nullable": true, + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "PollingFrequency", + "values": [ + { + "description": "Once a minute", + "value": "OnceAMinute" + }, + { + "description": "Once an hour", + "value": "OnceAnHour" + }, + { + "description": "Once a day", + "value": "OnceADay" + } + ] + } + }, + "dataTypes": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", + "description": "The available data types for Threat Intelligence TAXII data connector." + } + }, + "required": [ + "dataTypes", + "pollingFrequency" + ], + "type": "object" + }, + "IoTDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents IoT data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDataConnectorProperties", + "description": "IoT data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IOT" + }, + "IoTDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "IoT data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "CodelessUiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless UI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/CodelessParameters", + "description": "Codeless UI data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "GenericUI" + }, + "CodelessParameters": { + "description": "Represents Codeless UI data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + } + } + }, + "CodelessUiConnectorConfigProperties": { + "description": "Config to describe the instructions blade", + "type": "object", + "properties": { + "title": { + "description": "Connector blade title", + "type": "string" + }, + "publisher": { + "description": "Connector publisher name", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Connector description", + "type": "string" + }, + "customImage": { + "description": "An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Name of the table the connector will insert the data to", + "type": "string" + }, + "graphQueries": { + "description": "The graph query to show the current data status", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/GraphQueries" + } + ] + }, + "type": "array" + }, + "sampleQueries": { + "description": "The sample queries for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/SampleQueries" + } + ] + }, + "type": "array" + }, + "dataTypes": { + "description": "Data types to check for last data received", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/LastDataReceivedDataType" + } + ] + }, + "type": "array" + }, + "connectivityCriteria": { + "description": "Define the way the connector check connectivity", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectivityCriteria" + } + ] + }, + "type": "array" + }, + "availability": { + "description": "Connector Availability Status", + "$ref": "#/definitions/Availability" + }, + "permissions": { + "description": "Permissions required for the connector", + "$ref": "#/definitions/Permissions" + }, + "instructionSteps": { + "description": "Instruction steps to enable the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/InstructionSteps" + } + ] + }, + "type": "array" + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueriesTableName", + "graphQueries", + "sampleQueries", + "dataTypes", + "connectivityCriteria", + "availability", + "permissions", + "instructionSteps" + ] + }, + "DataConnectorConnectBody": { + "description": "Represents Codeless API Polling data connector.", + "type": "object", + "x-ms-identifiers": [], + "properties": { + "kind": { + "description": "The authentication kind used to poll the data", + "enum": [ + "Basic", + "OAuth2", + "APIKey" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectAuthKind" + } + }, + "apiKey": { + "type": "string", + "description": "The API key of the audit server." + }, + "dataCollectionEndpoint": { + "type": "string", + "description": "Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "outputStream": { + "type": "string", + "description": "Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR." + }, + "clientSecret": { + "type": "string", + "description": "The client secret of the OAuth 2.0 application." + }, + "clientId": { + "type": "string", + "description": "The client id of the OAuth 2.0 application." + }, + "authorizationCode": { + "type": "string", + "description": "The authorization code used in OAuth 2.0 code flow to issue a token." + }, + "userName": { + "type": "string", + "description": "The user name in the audit log server." + }, + "password": { + "type": "string", + "description": "The user password in the audit log server.", + "x-ms-secret": true + }, + "requestConfigUserInputValues": { + "type": "array", + "description": "", + "x-ms-identifiers": [], + "items": { + "type": "object" + } + } + } + }, + "CodelessApiPollingDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless API Polling data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ApiPollingParameters", + "description": "Codeless poling data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "APIPolling" + }, + "ApiPollingParameters": { + "description": "Represents Codeless API Polling data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + }, + "pollingConfig": { + "$ref": "#/definitions/CodelessConnectorPollingConfigProperties", + "description": "Config to describe the polling instructions" + } + } + }, + "CodelessConnectorPollingConfigProperties": { + "description": "Config to describe the polling config for API poller connector", + "type": "object", + "properties": { + "isActive": { + "description": "The poller active status", + "type": "boolean" + }, + "auth": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingAuthProperties", + "description": "Describe the authentication type of the poller" + }, + "request": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingRequestProperties", + "description": "Describe the poll request config parameters of the poller" + }, + "paging": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingPagingProperties", + "description": "Describe the poll request paging config of the poller" + }, + "response": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingResponseProperties", + "description": "Describe the response config parameters of the poller" + } + }, + "required": [ + "auth", + "request" + ] + }, + "CodelessConnectorPollingResponseProperties": { + "description": "Describes the response from the external server", + "type": "object", + "properties": { + "eventsJsonPaths": { + "description": "Describes the path we should extract the data in the response", + "x-ms-identifiers": [], + "items": { + "type": "string" + }, + "type": "array" + }, + "successStatusJsonPath": { + "description": "Describes the path we should extract the status code in the response", + "type": "string" + }, + "successStatusValue": { + "description": "Describes the path we should extract the status value in the response", + "type": "string" + }, + "isGzipCompressed": { + "description": "Describes if the data in the response is Gzip", + "type": "boolean" + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "CodelessConnectorPollingPagingProperties": { + "description": "Describe the properties needed to make a pagination call", + "type": "object", + "properties": { + "pagingType": { + "description": "Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'", + "type": "string" + }, + "nextPageParaName": { + "description": "Defines the name of a next page attribute", + "type": "string" + }, + "nextPageTokenJsonPath": { + "description": "Defines the path to a next page token JSON", + "type": "string" + }, + "pageCountAttributePath": { + "description": "Defines the path to a page count attribute", + "type": "string" + }, + "pageTotalCountAttributePath": { + "description": "Defines the path to a page total count attribute", + "type": "string" + }, + "pageTimeStampAttributePath": { + "description": "Defines the path to a paging time stamp attribute", + "type": "string" + }, + "searchTheLatestTimeStampFromEventsList": { + "description": "Determines whether to search for the latest time stamp in the events list", + "type": "string" + }, + "pageSizeParaName": { + "description": "Defines the name of the page size parameter", + "type": "string" + }, + "pageSize": { + "description": "Defines the paging size", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "pagingType" + ] + }, + "CodelessConnectorPollingRequestProperties": { + "description": "Describe the request properties needed to successfully pull from the server", + "type": "object", + "properties": { + "apiEndpoint": { + "description": "Describe the endpoint we should pull the data from", + "type": "string" + }, + "rateLimitQps": { + "description": "Defines the rate limit QPS", + "format": "int32", + "type": "integer" + }, + "queryWindowInMin": { + "description": "The window interval we will use the pull the data", + "format": "int32", + "type": "integer" + }, + "httpMethod": { + "description": "The http method type we will use in the poll request, GET or POST", + "type": "string" + }, + "queryTimeFormat": { + "description": "The time format will be used the query events in a specific window", + "type": "string" + }, + "retryCount": { + "description": "Describe the amount of time we should try and poll the data in case of failure", + "format": "int32", + "type": "integer" + }, + "timeoutInSeconds": { + "description": "The number of seconds we will consider as a request timeout", + "format": "int32", + "type": "integer" + }, + "headers": { + "description": "Describe the headers sent in the poll request", + "type": "object" + }, + "queryParameters": { + "description": "Describe the query parameters sent in the poll request", + "type": "object" + }, + "queryParametersTemplate": { + "description": "For advanced scenarios for example user name/password embedded in nested JSON payload", + "type": "string" + }, + "startTimeAttributeName": { + "description": "This will be used the query events from a start of the time window", + "type": "string" + }, + "endTimeAttributeName": { + "description": "This will be used the query events from the end of the time window", + "type": "string" + } + }, + "required": [ + "apiEndpoint", + "httpMethod", + "queryWindowInMin", + "queryTimeFormat" + ] + }, + "CodelessConnectorPollingAuthProperties": { + "description": "Describe the authentication properties needed to successfully authenticate with the server", + "type": "object", + "properties": { + "authType": { + "description": "The authentication type", + "type": "string" + }, + "apiKeyName": { + "description": "The header name which the token is sent with", + "type": "string" + }, + "apiKeyIdentifier": { + "description": "A prefix send in the header before the actual token", + "type": "string" + }, + "isApiKeyInPostPayload": { + "description": "Marks if the key should sent in header", + "type": "string" + }, + "flowName": { + "description": "Describes the flow name, for example 'AuthCode' for Oauth 2.0", + "type": "string" + }, + "tokenEndpoint": { + "description": "The endpoint used to issue a token, used in Oauth 2.0 flow", + "type": "string" + }, + "authorizationEndpoint": { + "description": "The endpoint used to authorize the user, used in Oauth 2.0 flow", + "type": "string" + }, + "authorizationEndpointQueryParameters": { + "description": "The query parameters used in authorization request, used in Oauth 2.0 flow", + "type": "object" + }, + "redirectionEndpoint": { + "description": "The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow", + "type": "string" + }, + "tokenEndpointHeaders": { + "description": "The query headers used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "tokenEndpointQueryParameters": { + "description": "The query parameters used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "isClientSecretInHeader": { + "description": "Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow", + "type": "boolean" + }, + "scope": { + "description": "The OAuth token scope", + "type": "string" + } + }, + "required": [ + "authType" + ] + }, + "LastDataReceivedDataType": { + "description": "Data type for last data received", + "type": "object", + "properties": { + "name": { + "description": "Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Query for indicate last data received", + "type": "string" + } + } + }, + "Permissions": { + "description": "Permissions required for the connector", + "x-ms-identifiers": [], + "type": "object", + "properties": { + "resourceProvider": { + "description": "Resource provider permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ResourceProvider" + } + ] + }, + "type": "array" + }, + "customs": { + "description": "Customs permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/Customs" + } + ] + }, + "type": "array" + } + } + }, + "Customs": { + "description": "Customs permissions required for the connector", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/CustomsPermission" + } + ] + }, + "CustomsPermission": { + "description": "Customs permissions required for the connector", + "type": "object", + "properties": { + "name": { + "description": "Customs permissions name", + "type": "string" + }, + "description": { + "description": "Customs permissions description", + "type": "string" + } + } + }, + "ResourceProvider": { + "description": "Resource provider permissions required for the connector", + "type": "object", + "properties": { + "provider": { + "description": "Provider name", + "enum": [ + "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", + "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", + "Microsoft.Authorization/policyAssignments" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ProviderName" + } + }, + "permissionsDisplayText": { + "description": "Permission description text", + "type": "string" + }, + "providerDisplayName": { + "description": "Permission provider display name", + "type": "string" + }, + "scope": { + "description": "Permission provider scope", + "enum": [ + "ResourceGroup", + "Subscription", + "Workspace" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "PermissionProviderScope" + } + }, + "requiredPermissions": { + "description": "Required permissions for the connector", + "$ref": "#/definitions/RequiredPermissions" + } + } + }, + "InstructionSteps": { + "description": "Instruction steps to enable the connector", + "type": "object", + "properties": { + "title": { + "description": "Instruction step title", + "type": "string" + }, + "description": { + "description": "Instruction step description", + "type": "string" + }, + "instructions": { + "description": "Instruction step details", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectorInstructionModelBase" + } + ] + }, + "type": "array" + } + } + }, + "ConnectorInstructionModelBase": { + "description": "Instruction step details", + "type": "object", + "properties": { + "parameters": { + "type": "object", + "description": "The parameters for the setting" + }, + "type": { + "description": "The kind of the setting", + "enum": [ + "CopyableLabel", + "InstructionStepsGroup", + "InfoMessage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingType" + } + } + }, + "required": [ + "type" + ] + }, + "RequiredPermissions": { + "description": "Required permissions for the connector", + "type": "object", + "properties": { + "action": { + "description": "action permission", + "type": "boolean" + }, + "write": { + "description": "write permission", + "type": "boolean" + }, + "read": { + "description": "read permission", + "type": "boolean" + }, + "delete": { + "description": "delete permission", + "type": "boolean" + } + } + }, + "Availability": { + "description": "Connector Availability Status", + "type": "object", + "properties": { + "status": { + "description": "The connector Availability Status", + "format": "int32", + "type": "integer", + "enum": [ + 1 + ], + "x-ms-enum": { + "name": "AvailabilityStatus", + "values": [ + { + "value": 1, + "description": "Available" + } + ] + } + }, + "isPreview": { + "description": "Set connector as preview", + "type": "boolean" + } + } + }, + "ConnectivityCriteria": { + "description": "Setting for the connector check connectivity", + "type": "object", + "properties": { + "type": { + "description": "type of connectivity", + "enum": [ + "IsConnectedQuery" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectivityType" + } + }, + "value": { + "description": "Queries for checking connectivity", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "checking connectivity query", + "type": "string" + } + } + } + }, + "SampleQueries": { + "description": "The sample queries for the connector", + "type": "object", + "properties": { + "description": { + "description": "The sample query description", + "type": "string" + }, + "query": { + "description": "the sample query", + "type": "string" + } + } + }, + "GraphQueries": { + "type": "object", + "description": "The graph query to show the current data status", + "properties": { + "metricName": { + "description": "the metric that the query is checking", + "type": "string" + }, + "legend": { + "description": "The legend for the graph", + "type": "string" + }, + "baseQuery": { + "description": "The base query for the graph", + "type": "string" + } + } + } + }, + "parameters": { + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DataConnectorConnectBody": { + "description": "The data connector", + "in": "body", + "name": "connectBody", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorConnectBody" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorsCheckRequirementsBody": { + "description": "The parameters for requirements check message", + "in": "body", + "name": "DataConnectorsCheckRequirements", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..6a8ffcc755bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 000000000000..cb1745e49917 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 000000000000..e8947fbef382 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 000000000000..2377223a01be --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 000000000000..7e57d40e1489 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "version": "1.0.2", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 000000000000..2604c595cf4c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,238 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "version": "1.0.1", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + } + ] + }, + { + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "severityFilter": { + "enabled": false, + "isSupported": false, + "severityFilters": null + } + } + ] + } + ], + "lastUpdatedDateUTC": "2021-06-09T00:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 000000000000..0f3497ae635f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,845 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json new file mode 100644 index 000000000000..0875f585d958 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -0,0 +1,851 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "scenarioExclusionPatterns": [ + { + "exclusionPattern": "Alert providers:Azure Active Directory Identity Protection:Infected Device;Alert providers:Azure Defender:Crypto-mining activity", + "dateAddedInUTC": "2021-10-01T15:26:44.9429806Z" + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..5a3389b73d73 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json new file mode 100644 index 000000000000..83a8089fe661 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..0a1828d1aafc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,270 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "sentinelEntitiesMappings": [ + { + "columnName": "Entities" + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 000000000000..dfdad4fc526e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 000000000000..8159812cf772 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,412 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2021-10-22T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..63abd1838c02 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,310 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..671a299c0bdd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json new file mode 100644 index 000000000000..645bfc5f57e6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..28321c9cdbc5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..af00b7accd66 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -0,0 +1,171 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "automationRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..72c7564e69bc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..c7d47782bb3e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..c46ffa938bdc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json new file mode 100644 index 000000000000..4ce5118264b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json new file mode 100644 index 000000000000..704f8a5a4924 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "billingStatisticName": "sapSolutionUsage" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json new file mode 100644 index 000000000000..da224b490e6a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json @@ -0,0 +1,143 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..91513ab15067 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json new file mode 100644 index 000000000000..dbdf83056c6c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + }, + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json new file mode 100644 index 000000000000..674aa453e01e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + }, + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json new file mode 100644 index 000000000000..720674e041d9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "parameters": { + "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", + "startTime": "2019-12-25T17:21:00.000Z", + "endTime": "2020-01-24T17:21:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json new file mode 100644 index 000000000000..52ac92ca28f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json new file mode 100644 index 000000000000..f83cd45b628d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json new file mode 100644 index 000000000000..50b06b539c30 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json new file mode 100644 index 000000000000..24096444f81c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json new file mode 100644 index 000000000000..653196e3886d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json new file mode 100644 index 000000000000..24b108b8cd7b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "contentSchemaVersion": "3.0.0", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json new file mode 100644 index 000000000000..b232b4ca2984 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01", + "packageContent": "JSON string of the package" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json new file mode 100644 index 000000000000..5039238a34f7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json new file mode 100644 index 000000000000..1a5d720792ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json @@ -0,0 +1,151 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str", + "packageInstallationProperties": { + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json new file mode 100644 index 000000000000..6022341d36bd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json new file mode 100644 index 000000000000..ebcb6051f25f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json new file mode 100644 index 000000000000..2f5d42aed12b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json new file mode 100644 index 000000000000..eaf6203176e2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json new file mode 100644 index 000000000000..1160cf036593 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json new file mode 100644 index 000000000000..aed5306b01ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageVersion": "1.0.0", + "version": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json new file mode 100644 index 000000000000..b4a53a10f5dc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json @@ -0,0 +1,228 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "packageVersion": "1.0.0", + "packageId": "str.azure-sentinel-solution-str", + "packageName": "str", + "packageKind": "Solution", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "version": "1.0.0", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + } + } + } + ] + } + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json new file mode 100644 index 000000000000..d6f82fa3edde --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -0,0 +1,264 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "connectorDefinitionInput": { + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..24e253859d80 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json new file mode 100644 index 000000000000..1710da620b9d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + }, + "connectionsConfig": { + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..3dcf53a96b5a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 000000000000..da4e7a0eb4e2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 000000000000..da4e7a0eb4e2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json new file mode 100644 index 000000000000..da4e7a0eb4e2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json new file mode 100644 index 000000000000..23083fd655c7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureSecurityCenter", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json new file mode 100644 index 000000000000..25cce49cfbe6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "Dynamics365", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json new file mode 100644 index 000000000000..a094deef8c94 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "IOT", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json new file mode 100644 index 000000000000..cad8c6cd68c8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json new file mode 100644 index 000000000000..cad8c6cd68c8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json new file mode 100644 index 000000000000..1fdaba4134bb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json new file mode 100644 index 000000000000..e570cf8e6948 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json new file mode 100644 index 000000000000..08f38b429782 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json new file mode 100644 index 000000000000..ab6cdbc6b3d1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "Office365Project", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json new file mode 100644 index 000000000000..e0dfbc169c62 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficeATP", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json new file mode 100644 index 000000000000..b30ac167941c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficeIRM", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json new file mode 100644 index 000000000000..bc83f3386323 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficePowerBI", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json new file mode 100644 index 000000000000..f3ecbcee1555 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json new file mode 100644 index 000000000000..37e1a1a92d75 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json new file mode 100644 index 000000000000..5d64190c240e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "connectBody": { + "kind": "APIKey", + "apiKey": "123456789", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json new file mode 100644 index 000000000000..a0c596c7d2f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "connectBody": { + "kind": "APIKey", + "apiKey": "123456789", + "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631", + "outputStream": "Custom-MyTableRawData", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json new file mode 100644 index 000000000000..95261a8f591e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -0,0 +1,368 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 000000000000..4cc49b5aeac2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "dataConnector": { + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json new file mode 100644 index 000000000000..b6ba8ef6699c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -0,0 +1,437 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json new file mode 100644 index 000000000000..d1aa3dda4038 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "dataConnector": { + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..09073750ed03 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..fec7b6e06d43 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "dataConnector": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "1970-01-01T00:00:00.000Z" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json new file mode 100644 index 000000000000..f2519b0dcc25 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5", + "dataTypes": { + "incidents": { + "state": "Disabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Disabled55" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Disabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..d49595d802dd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 000000000000..97534bbd6ead --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json new file mode 100644 index 000000000000..81d870d7e16f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..30843c4a98ae --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 000000000000..5e7570c5c47c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", + "friendlyName": "testTaxii", + "userName": "--", + "password": "--", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json new file mode 100644 index 000000000000..916d2ccf59b6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json new file mode 100644 index 000000000000..916d2ccf59b6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json new file mode 100644 index 000000000000..9274c24e58af --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..bc15b0266776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..5dfa550aad13 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..bc15b0266776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 000000000000..bc15b0266776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json new file mode 100644 index 000000000000..bc15b0266776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json new file mode 100644 index 000000000000..b414bc3c7a15 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "disconnectBody": {} + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json new file mode 100644 index 000000000000..1cb0b6f667e5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "customImage": "The image connector content", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..1c1acd07464f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json new file mode 100644 index 000000000000..779d2c62c2bb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesS3", + "properties": { + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ], + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 000000000000..6de2e94a9c70 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..74e723534d16 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 000000000000..bdbe7d7166e5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 000000000000..843617a4ea3b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,508 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "pollingFrequency": "OnceAMinute", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesS3", + "properties": { + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ], + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 000000000000..bca676481359 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json new file mode 100644 index 000000000000..e979d3221a49 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json @@ -0,0 +1,156 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json new file mode 100644 index 000000000000..858e7132acbb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json new file mode 100644 index 000000000000..47ae342f2ad2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "name": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "IOT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 000000000000..57f5181ec518 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..29202b598005 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json new file mode 100644 index 000000000000..bf24c778b435 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeIRM", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json new file mode 100644 index 000000000000..02fc3802913e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 000000000000..c7fbd6376996 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 000000000000..6268c5cc117d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Enabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 000000000000..5319541ead8c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json new file mode 100644 index 000000000000..7fd531307873 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 000000000000..7c29448f045c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json new file mode 100644 index 000000000000..5613a4249b24 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..f677010ee1fa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 000000000000..9b9ee3d74728 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json new file mode 100644 index 000000000000..ac42c010212e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "ipAddress": "1.2.3.4" + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json new file mode 100644 index 000000000000..41a6fdd4a423 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "domain": "microsoft.com" + }, + "responses": { + "200": { + "body": { + "domain": "microsoft.com", + "server": null, + "created": "2021-09-01T16:15:01.187045Z", + "updated": "2021-09-01T16:15:01.187045Z", + "expires": null, + "parsedWhois": { + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactPhone": "12083895770", + "abuseContactEmail": "abuse@microsoft.com", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "contacts": { + "admin": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "registrant": null, + "billing": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "tech": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json new file mode 100644 index 000000000000..ec76a5a0c048 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "dnsDomain": "contoso.com" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json new file mode 100644 index 000000000000..65f9ac45047a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json new file mode 100644 index 000000000000..a93f31617fa3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "CloudApplication", + "properties": { + "friendlyName": "AppName", + "appId": 1, + "appName": "AppName", + "instanceName": "InstanceName" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json new file mode 100644 index 000000000000..2d62afb62b18 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "type": "Microsoft.SecurityInsights/entities", + "kind": "DnsResolution", + "properties": { + "friendlyName": "domain", + "domainName": "domain", + "ipAddressEntityIds": [ + "475d3120-33e0-4841-9f1c-a8f15a801d19" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json new file mode 100644 index 000000000000..84ce291f7cc2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json new file mode 100644 index 000000000000..16196b7f49c7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json new file mode 100644 index 000000000000..13c3b8572214 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", + "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "FileHash", + "properties": { + "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", + "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0", + "algorithm": "SHA256" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json new file mode 100644 index 000000000000..9802e347e9ee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json new file mode 100644 index 000000000000..44d368694943 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "IoTDevice", + "properties": { + "friendlyName": "device1", + "deviceId": "device1", + "deviceName": "device1", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c", + "nicEntityIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2" + ], + "deviceType": "Industrial", + "firmwareVersion": "20.11", + "importance": "Normal", + "isAuthorized": true, + "isProgramming": false, + "isScanner": false, + "model": "demo-model", + "protocols": [ + "CIP", + "EtherNet/IP" + ], + "operatingSystem": "Windows", + "purdueLayer": "ProcessControl", + "sensor": "demo-sensor", + "site": "demo-site", + "vendor": "demo-vendor", + "zone": "zone" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json new file mode 100644 index 000000000000..ff996096dece --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "friendlyName": "10.3.2.8", + "address": "10.3.2.8" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json new file mode 100644 index 000000000000..8cc35485e101 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailCluster", + "properties": { + "friendlyName": "ClusterSourceIdentifier", + "networkMessageIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "countByDeliveryStatus": { + "deliveryStatus": 5 + }, + "countByThreatType": { + "threatType": 6 + }, + "countByProtectionStatus": { + "protectionStatus": 65 + }, + "threats": [ + "thrreat1", + "thread2" + ], + "query": "kqlFilter", + "queryTime": "2021-09-01T01:42:01.6026755Z", + "source": "ClusterSourceIdentifier", + "clusterSourceIdentifier": "cluster source identifier", + "clusterSourceType": "Similarity", + "clusterGroup": "cluster group" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json new file mode 100644 index 000000000000..dbed05cb24f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailMessage", + "properties": { + "friendlyName": "cmd.exe", + "fileEntityIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "recipient": "recipient", + "urls": [ + "http://moqbrarcwmnk.banxhdcojlg.biz" + ], + "threats": [ + "thrreat1", + "thread2" + ], + "p1Sender": "email@fake.com", + "p1SenderDisplayName": "p1 sender display name", + "p1SenderDomain": "p1 sender domain", + "senderIP": "1.23.34.43", + "p2Sender": "the sender", + "deliveryAction": "Blocked", + "p2SenderDisplayName": "p2 sender display name", + "p2SenderDomain": "p2 Sender Domain", + "internetMessageId": "message id", + "subject": "subject", + "language": "language", + "threatDetectionMethods": [ + "thrreat1", + "thread2" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json new file mode 100644 index 000000000000..ef4ab0bb8f45 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Mailbox", + "properties": { + "friendlyName": "emailAddress1", + "displayName": "display name", + "mailboxPrimaryAddress": "emailAddress1", + "upn": "upn1", + "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json new file mode 100644 index 000000000000..858fbc380894 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Malware", + "properties": { + "malwareName": "Win32/Toga!rfn", + "category": "Trojan", + "friendlyName": "Win32/Toga!rfn" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json new file mode 100644 index 000000000000..39826e45126e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", + "name": "7264685c-038c-42c6-948c-38e14ef1fb98", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Process", + "properties": { + "friendlyName": "cmd.exe", + "processId": "0x2aa48", + "commandLine": "\"cmd\"", + "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json new file mode 100644 index 000000000000..84b2fbfb527b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json @@ -0,0 +1,456 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Actions on account", + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Actions by type", + "dataSets": [ + { + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count", + "legendColumnName": "OperationName" + } + ], + "type": "BarChart" + }, + "additionalQuery": { + "text": "See all account activity", + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high office operation count", + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "Operation", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous operation timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "Operation" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous operations", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Resource access", + "description": "Provides the count and distinct resource accesses by a given user account\n", + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Resource access over time", + "dataSets": [ + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + }, + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "See all resource activity", + "query": "where Operation in~ (Operations)" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high Azure sign-in result count", + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "ResultDescription", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous sign-in result timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "ResultDescription" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous sign-in results", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json new file mode 100644 index 000000000000..34abe940d878 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryKey", + "properties": { + "friendlyName": "SOFTWARE", + "hive": "HKEY_LOCAL_MACHINE", + "key": "SOFTWARE" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json new file mode 100644 index 000000000000..86f9151ca18a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", + "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryValue", + "properties": { + "friendlyName": "Data", + "valueName": "Name", + "valueData": "Data", + "valueType": "String", + "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json new file mode 100644 index 000000000000..a747a060bc1f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "intent": "Unknown", + "alertDisplayName": "Suspicious account detected", + "description": "", + "confidenceLevel": "Unknown", + "severity": "Medium", + "vendorName": "Microsoft", + "productName": "Azure Sentinel", + "productComponentName": "Scheduled Alerts", + "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", + "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", + "processingEndTime": "2019-07-06T13:56:53.5392366Z", + "status": "New", + "endTimeUtc": "2021-09-01T13:21:45.926185Z", + "startTimeUtc": "2021-09-01T08:21:45.926185Z", + "timeGenerated": "2021-09-01T13:56:53.5392366Z", + "tactics": [ + "Persistence", + "LateralMovement" + ], + "additionalData": { + "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", + "Query Period": "05:00:00", + "Trigger Operator": "GreaterThan", + "Trigger Threshold": "200", + "Search Query Results Overall Count": "203", + "Total Account Entities": "1" + }, + "friendlyName": "Suspicious account detected", + "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json new file mode 100644 index 000000000000..466c8b6e9493 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityGroup", + "properties": { + "friendlyName": "Name", + "distinguishedName": "Name", + "sid": "Sid", + "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json new file mode 100644 index 000000000000..7d89c1ddf93a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SubmissionMail", + "properties": { + "friendlyName": "recipient", + "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", + "submitter": "submitter", + "recipient": "recipient", + "sender": "sender", + "senderIp": "1.4.35.34", + "subject": "subject", + "reportType": "report type" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json new file mode 100644 index 000000000000..2af10388dcfd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Url", + "properties": { + "friendlyName": "https://bing.com", + "url": "https://bing.com" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json new file mode 100644 index 000000000000..7f14a22d226f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", + "startTime": "2019-04-25T00:00:00.000Z", + "endTime": "2019-05-26T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "address": "13.89.108.248", + "friendlyName": "13.89.108.248" + } + } + ], + "edges": [ + { + "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002", + "additionalData": { + "EpochTimestamp": "1608289949", + "FirstSeen": "2021-09-01T11:12:29.597Z", + "Source": "Heartbeat" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json new file mode 100644 index 000000000000..262c1487a6b1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "addDefaultExtendedTimeRange": false, + "startTime": "2021-09-01T00:00:00.000Z", + "endTime": "2021-10-01T00:00:00.000Z", + "insightQueryIds": [ + "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "tableQueryResults": { + "columns": [ + { + "name": "Title", + "type": "string" + }, + { + "name": "NameCount", + "type": "long" + }, + { + "name": "SIDCount", + "type": "long" + }, + { + "name": "InternalOrder", + "type": "long" + }, + { + "name": "Index", + "type": "long" + } + ], + "rows": [ + [ + "MyTitle", + "15", + "SID", + "1", + "1" + ] + ] + }, + "chartQueryResults": [ + { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "Count", + "type": "long" + }, + { + "name": "Legend", + "type": "string" + } + ], + "rows": [ + [ + "2021-09-01T00:00:00.000Z", + "55", + "SomeLegend" + ] + ] + } + ], + "queryTimeInterval": { + "startTime": "2021-09-01T23:35:20Z", + "endTime": "2021-09-01T23:35:20Z" + }, + "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61" + } + ], + "metaData": { + "totalCount": 7, + "errors": [ + { + "kind": "Insight", + "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a", + "errorMessage": "Internal server error" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json new file mode 100644 index 000000000000..09686d206a0b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json new file mode 100644 index 000000000000..d58e62668067 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json new file mode 100644 index 000000000000..e598d975f87d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "numberOfBucket": 4, + "startTime": "2021-09-01T00:00:00.000Z", + "endTime": "2021-10-01T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "kind": "SecurityAlert", + "description": "The alert description", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "productName": "Azure Sentinel", + "displayName": "Alert display name", + "severity": "Medium", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae", + "Intent": "Discovery" + }, + { + "kind": "Activity", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "bucketStartTimeUTC": "2021-09-01T21:31:28.02Z", + "bucketEndTimeUTC": "2021-09-01T23:31:28.02Z", + "firstActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "lastActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "title": "The user has deleted an account" + }, + { + "kind": "Anomaly", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6", + "description": "Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0.", + "productName": "Azure Sentinel", + "displayName": "(Preview) Anomalous scanning activity", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "vendor": "Microsoft", + "intent": "Discovery", + "techniques": [ + "T1046" + ], + "reasons": [ + "High destination port count", + "Low port ratio" + ] + } + ], + "metaData": { + "totalCount": 6, + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + }, + { + "count": 1, + "kind": "Anomaly" + } + ], + "errors": [ + { + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", + "errorMessage": "syntax error" + }, + { + "kind": "SecurityAlert", + "errorMessage": "internal server error" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 000000000000..d5fcbd8016a7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "entityQuery": { + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json new file mode 100644 index 000000000000..c9e99753437e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json new file mode 100644 index 000000000000..d518b50bbc5d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 000000000000..cd12753ae4a8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "kind": "Expansion", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Least active accounts on Azure from this IP" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Most active accounts on Azure from this IP" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 000000000000..e81889ef443f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "dataSources": [ + "SecurityEvent" + ], + "inputEntityType": "Host", + "displayName": "Parent processes running on host" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json new file mode 100644 index 000000000000..3370a3d53286 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueryTemplate", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json new file mode 100644 index 000000000000..59139282f7ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -0,0 +1,105 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "kind": "Activity", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..164c37b1a9d5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "fileImport": { + "properties": { + "source": "mySource", + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON" + }, + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "deleteStatus": "NotDeleted" + }, + "state": "WaitingForUpload", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": null, + "validRecordCount": null, + "ingestedRecordCount": null, + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json new file mode 100644 index 000000000000..3540b6685ef2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "202": { + "headers": { + "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + }, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json new file mode 100644 index 000000000000..e06a4856aa29 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json new file mode 100644 index 000000000000..d94f9e2d2462 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "fileName.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json new file mode 100644 index 000000000000..bfd92ebb0c92 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "hunt": { + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntSequenceNumber": 0, + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json new file mode 100644 index 000000000000..7e1ae5ac5d27 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntComment": { + "properties": { + "message": "This is a test comment." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json new file mode 100644 index 000000000000..94f85df65ca1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntRelation": { + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "labels": [ + "Test Label" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json new file mode 100644 index 000000000000..55e17b6ae4fc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json new file mode 100644 index 000000000000..0a134e4582ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json new file mode 100644 index 000000000000..e869b63a6da8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json new file mode 100644 index 000000000000..feaeba7cef27 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt ", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json new file mode 100644 index 000000000000..e8ed12d0e827 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json new file mode 100644 index 000000000000..1c23af972fbf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "properties": { + "message": "This is a test comment." + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json new file mode 100644 index 000000000000..6e4f219028e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json new file mode 100644 index 000000000000..e774d2dfac4c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json new file mode 100644 index 000000000000..b0e15e7cd5de --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5", + "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json new file mode 100644 index 000000000000..7f43934af733 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.615Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.615Z", + "startTimeUtc": "2020-07-20T18:21:53.615Z", + "timeGenerated": "2020-07-20T18:21:53.615Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "alertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json new file mode 100644 index 000000000000..a4949bffbff5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.426+00:00", + "updated": "2020-06-17T15:34:01.426+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@contoso.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@contoso.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.426+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "eTag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json new file mode 100644 index 000000000000..2d48a5026824 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json new file mode 100644 index 000000000000..05a421f08f12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json new file mode 100644 index 000000000000..f8ec4dfd066f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json new file mode 100644 index 000000000000..b34176b658c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json new file mode 100644 index 000000000000..b6c167ce6d3c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "accountName": "administrator", + "ntDomain": "domain", + "friendlyName": "administrator" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..1ef36fd6cf7d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -0,0 +1,73 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentTask": { + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..639caba3a8bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..f61497e52893 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json new file mode 100644 index 000000000000..0e72c0afd6d0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json new file mode 100644 index 000000000000..1d603067ddec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "teamProperties": { + "teamName": "Team name", + "teamDescription": "Team description", + "groupIds": null, + "memberIds": null + } + }, + "responses": { + "200": { + "body": { + "teamId": "99978838-9bda-4ad4-8f93-4cf7ebc50ca5", + "primaryChannelUrl": "https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "teamCreationTimeUtc": "2021-03-15T17:08:21.995Z", + "name": "Team name", + "description": "Team description" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json new file mode 100644 index 000000000000..0f85d70fdac1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": null, + "assignedTo": null, + "userPrincipalName": null, + "ownerType": null + }, + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json new file mode 100644 index 000000000000..40e6a77ecda7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json new file mode 100644 index 000000000000..9369fd35ed53 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json new file mode 100644 index 000000000000..d6e455d4865b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..f642ccfe72b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..6d71495c719f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..66f00dbcb91f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 000000000000..4eb856e18423 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json new file mode 100644 index 000000000000..bd710bcd9573 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd", + "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + } + }, + "responses": { + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json new file mode 100644 index 000000000000..ad0cea37664b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + } + }, + "responses": { + "204": { + "body": {} + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json new file mode 100644 index 000000000000..2636023ef7a3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json new file mode 100644 index 000000000000..a1bb87858ae3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "version": "1.0.0.0", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json new file mode 100644 index 000000000000..635542c29f7c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json new file mode 100644 index 000000000000..1918ebe9605b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json @@ -0,0 +1,104 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json new file mode 100644 index 000000000000..2aca900eaa53 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json new file mode 100644 index 000000000000..07d22616ffa7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json @@ -0,0 +1,286 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector", + "name": "Microsoft Defender for Endpoint" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json new file mode 100644 index 000000000000..41ab51ce6b12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json new file mode 100644 index 000000000000..68172c2b7239 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json new file mode 100644 index 000000000000..1f882f131594 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json new file mode 100644 index 000000000000..e837992a102c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 000000000000..478ff35389d7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 000000000000..1ad72e5e5817 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 000000000000..14a94aaacbfc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 000000000000..63b06b21a1a7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json new file mode 100644 index 000000000000..af58cccc075a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json @@ -0,0 +1,563 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Operations", + "operation": "Get Operations", + "description": "Gets operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Get Automation Rules", + "description": "Gets an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Update Automation Rules", + "description": "Updates an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Delete Automation Rules", + "description": "Deletes an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Get Bookmarks", + "description": "Gets bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Update Bookmarks", + "description": "Updates bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Delete Bookmarks", + "description": "Deletes bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Expand on entity", + "description": "Gets related entities of an entity by a specific expansion" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Get Bookmark Relations", + "description": "Gets a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Update Bookmark Relations", + "description": "Updates a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Delete Bookmark Relations", + "description": "Deletes a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Get Alert Rules", + "description": "Gets the alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Update Alert Rules", + "description": "Updates alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Delete Alert Rules", + "description": "Deletes alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Get Alert Rule Response Actions", + "description": "Gets the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Update Alert Rule Response Actions", + "description": "Updates the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Delete Alert Rule Response Actions", + "description": "Deletes the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Get Data Connectors", + "description": "Gets the data connectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Update Data Connectors", + "description": "Updates a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Delete a Data Connector", + "description": "Deletes a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements", + "operation": "Check user authorization and license", + "description": "Check user authorization and license" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Get Incidents", + "description": "Gets an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Update Incidents", + "description": "Updates an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Delete Incidents", + "description": "Deletes an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Get Incident Comments", + "description": "Gets the incident comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Create Incident Comments", + "description": "Creates a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Delete Incident Comment", + "description": "Deletes a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Get Incident Relations", + "description": "Gets a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Update Incident Relations", + "description": "Updates a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Delete Incident Relations", + "description": "Deletes a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence", + "description": "Gets Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence", + "description": "Updates Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence", + "description": "Deletes Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence", + "description": "Query Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence", + "description": "Bulk Delete Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence", + "description": "Bulk Tags Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence Indicators", + "description": "Updates Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence Indicators", + "description": "Deletes Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicator Metrics", + "description": "Get Threat Intelligence Indicator Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence Indicators", + "description": "Bulk Delete Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence Indicators", + "description": "Bulk Tags Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicators", + "description": "Gets Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Create Threat Intelligence Indicator", + "description": "Create Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Append tags to Threat Intelligence Indicator", + "description": "Append tags to Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Replace Tags of Threat Intelligence Indicator", + "description": "Replace Tags of Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Get Watchlists", + "description": "Gets Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Create Watchlists", + "description": "Create Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Delete Watchlists", + "description": "Deletes Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Get Onboarding States", + "description": "Gets an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Update Onboarding States", + "description": "Updates an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Delete Onboarding States", + "description": "Deletes an onboarding state" + }, + "origin": "user" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json new file mode 100644 index 000000000000..cf61b186bb05 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc" + }, + "responses": { + "200": { + "body": { + "recommendationTypeId": "Swagger_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByAction", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json new file mode 100644 index 000000000000..c199966a01c4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "recommendationTypeId": "ThreatIntelligence_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByAction", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json new file mode 100644 index 000000000000..0afaf2d76759 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "recommendationPatch": [ + { + "state": "Active" + } + ] + }, + "responses": { + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-08-01-preview" + }, + "body": { + "recommendationTypeId": "ThreatIntelligence_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByUser", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json new file mode 100644 index 000000000000..82dfc973f2cb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "repoType": "Github", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "url": "https://api.github.com/repos/user/reponame", + "fullName": "reponame", + "branches": [ + "master", + "develop" + ] + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..9787f9d43a14 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,245 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "securityMLAnalyticsSetting": { + "kind": "Anomaly", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..dd169bed2a64 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..6c703b52d5ec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..0b86d85c7116 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "myFirstAnomalySettings" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 000000000000..c0499262937e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 000000000000..6bc3c6c8e9c7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json new file mode 100644 index 000000000000..b6b3f4977815 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json new file mode 100644 index 000000000000..f4a2ce002653 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json new file mode 100644 index 000000000000..e224c7e72352 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My Source Control", + "description": "This is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo" + }, + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..5c02bc30b494 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "repositoryAccess": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + }, + "responses": { + "200": { + "body": { + "warning": { + "code": "SourceControlWarning_DeleteServicePrincipal", + "message": "ServicePrincipal has not been removed due to insufficient permissions." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json new file mode 100644 index 000000000000..80ed9f71117a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..343db3e243ec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..1b47703871bb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..3e576123a81f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2021-09-01T19:44:44.117403Z", + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ], + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 000000000000..2d8fc2ee4d53 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-09-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 000000000000..05fa7c80a91e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 000000000000..b8577ce5ceba --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..78ad95e681e6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:18:49.2259902Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 000000000000..8207a16fe351 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ThreatIntelligenceFilteringCriteria": { + "pageSize": 100, + "minConfidence": 25, + "maxConfidence": 80, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "sources": [ + "Azure Sentinel" + ], + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators 2", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "valueType": "0", + "value": "SSH-2.0-PuTTY_Release_0.64" + }, + { + "valueType": "1", + "value": "194.88.106.146" + } + ] + } + ] + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 000000000000..b7d7381e90aa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T19:56:08.828946Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 000000000000..a7a53d425005 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json new file mode 100644 index 000000000000..ed3660873405 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "analyticsRuleRunTriggerParameter": { + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z" + } + } + }, + "responses": { + "202": { + "headers": { + "Code": "202", + "Message": "Accepted", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-08-01-preview" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json new file mode 100644 index 000000000000..aa6edbcdd745 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "provisioningState": "InProgress", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json new file mode 100644 index 000000000000..17b455253864 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "provisioningState": "InProgress", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "name": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-20T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "provisioningState": "Succeeded", + "ruleRunAdditionalData": { + "auditCorrelationId": "763f9dae-1027-44b9-a34a-589404693670", + "createdBy": "user2@microsoft.com", + "healthCorrelationId": "b3c165ec-f53e-48c1-9677-216d9e930912" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json new file mode 100644 index 000000000000..df593390b215 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,88 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 000000000000..8b45f97eda71 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "itemsSearchKey": "header1", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..337d06d48206 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..a2387e1b8271 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-08-01-preview" + } + }, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..fdcd035c0765 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 000000000000..7acc168cbd9c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 000000000000..aebdffd2aa03 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..eb9df1b2c33a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json new file mode 100644 index 000000000000..0151335e5644 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json new file mode 100644 index 000000000000..332563db8e0b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "InProgress" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..69183e366ff5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceManagerAssignment": { + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json new file mode 100644 index 000000000000..3eed8e514dfb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..0c1d895733e6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json new file mode 100644 index 000000000000..6f88c8c0da71 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json new file mode 100644 index 000000000000..a9020e1a03a6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json new file mode 100644 index 000000000000..79f417a2fed4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..2fc2663161dc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..41bc71735e2b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default", + "workspaceManagerConfiguration": { + "properties": { + "mode": "Enabled" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..ca8d2d3089c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..e994520ea300 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..d3634df943ba --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json new file mode 100644 index 000000000000..3e4dce3adcef --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceManagerGroup": { + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json new file mode 100644 index 000000000000..f5a54dff69c6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json new file mode 100644 index 000000000000..f752660deedc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json new file mode 100644 index 000000000000..e0603dfe2547 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json new file mode 100644 index 000000000000..14b5f69b4d50 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceManagerMember": { + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json new file mode 100644 index 000000000000..508c53deb7ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json new file mode 100644 index 000000000000..38b805ae086c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json new file mode 100644 index 000000000000..30757367552f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-08-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json new file mode 100644 index 000000000000..fc967c4e5df5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json @@ -0,0 +1,138 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-08-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "x-ms-examples": { + "Get all operations.": { + "$ref": "./examples/operations/ListOperations.json" + } + }, + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string", + "readOnly": true + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + }, + "isDataAction": { + "description": "Indicates whether the operation is a data action", + "type": "boolean" + } + }, + "type": "object" + } + }, + "parameters": {} +} From 2c67bfc97b286cc040b9a1bc7990aeb4f15b7077 Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Mon, 18 Sep 2023 13:59:37 -0700 Subject: [PATCH 2/3] Updates readme --- .../resource-manager/readme.md | 44 ++++++++++++++++++- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index c139b26296e8..f2be4041a53a 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -26,17 +26,56 @@ These are the global settings for the SecurityInsights API. ``` yaml openapi-type: arm -tag: package-preview-2023-08 +tag: package-preview-2023-09 ``` --- +### Tag: package-preview-2023-09 + +These settings apply only when `--tag=package-preview-2023-09` is specified on the command line. + +```yaml $(tag) == 'package-preview-2023-09' +input-file: + - Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json + - Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json +``` ### Tag: package-preview-2023-08 These settings apply only when `--tag=package-preview-2023-08` is specified on the command line. -```yaml $(tag) == 'package-preview-2023-08' +``` yaml $(tag) == 'package-preview-2023-08' input-file: - Microsoft.SecurityInsights/preview/2023-08-01-preview/AlertRules.json - Microsoft.SecurityInsights/preview/2023-08-01-preview/AutomationRules.json @@ -71,6 +110,7 @@ input-file: - Microsoft.SecurityInsights/preview/2023-08-01-preview/dataConnectors.json - Microsoft.SecurityInsights/preview/2023-08-01-preview/operations.json ``` + ### Tag: package-preview-2023-07 These settings apply only when `--tag=package-preview-2023-07` is specified on the command line. From b90857ced9ea1d2e194597106233e3e1ccb2b50f Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Mon, 18 Sep 2023 13:59:43 -0700 Subject: [PATCH 3/3] Updates API version in new specs and examples --- .../preview/2023-09-01-preview/AlertRules.json | 2 +- .../preview/2023-09-01-preview/AutomationRules.json | 2 +- .../preview/2023-09-01-preview/BillingStatistics.json | 2 +- .../preview/2023-09-01-preview/Bookmarks.json | 2 +- .../preview/2023-09-01-preview/ContentPackages.json | 2 +- .../preview/2023-09-01-preview/ContentProductPackages.json | 2 +- .../preview/2023-09-01-preview/ContentProductTemplates.json | 2 +- .../preview/2023-09-01-preview/ContentTemplates.json | 2 +- .../preview/2023-09-01-preview/Enrichment.json | 2 +- .../preview/2023-09-01-preview/Entities.json | 2 +- .../preview/2023-09-01-preview/EntityQueries.json | 2 +- .../preview/2023-09-01-preview/EntityQueryTemplates.json | 2 +- .../preview/2023-09-01-preview/FileImports.json | 2 +- .../preview/2023-09-01-preview/Hunts.json | 2 +- .../preview/2023-09-01-preview/Incidents.json | 2 +- .../preview/2023-09-01-preview/Metadata.json | 2 +- .../preview/2023-09-01-preview/OfficeConsents.json | 2 +- .../preview/2023-09-01-preview/OnboardingStates.json | 2 +- .../preview/2023-09-01-preview/Recommendations.json | 2 +- .../2023-09-01-preview/SecurityMLAnalyticsSettings.json | 2 +- .../preview/2023-09-01-preview/Settings.json | 2 +- .../preview/2023-09-01-preview/SourceControls.json | 2 +- .../preview/2023-09-01-preview/ThreatIntelligence.json | 2 +- .../2023-09-01-preview/TriggeredAnalyticsRuleRuns.json | 2 +- .../preview/2023-09-01-preview/Watchlists.json | 2 +- .../2023-09-01-preview/WorkspaceManagerAssignments.json | 2 +- .../2023-09-01-preview/WorkspaceManagerConfigurations.json | 2 +- .../preview/2023-09-01-preview/WorkspaceManagerGroups.json | 2 +- .../preview/2023-09-01-preview/WorkspaceManagerMembers.json | 2 +- .../preview/2023-09-01-preview/common/AlertTypes.json | 2 +- .../preview/2023-09-01-preview/common/ContentCommonTypes.json | 2 +- .../preview/2023-09-01-preview/common/EntityTypes.json | 2 +- .../preview/2023-09-01-preview/common/IncidentTypes.json | 2 +- .../preview/2023-09-01-preview/common/RelationTypes.json | 2 +- .../2023-09-01-preview/common/ThreatIntelligenceTypes.json | 2 +- .../preview/2023-09-01-preview/dataConnectorDefinitions.json | 2 +- .../preview/2023-09-01-preview/dataConnectors.json | 2 +- .../examples/actions/CreateActionOfAlertRule.json | 2 +- .../examples/actions/DeleteActionOfAlertRule.json | 2 +- .../examples/actions/GetActionOfAlertRuleById.json | 2 +- .../examples/actions/GetAllActionsByAlertRule.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplateById.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplates.json | 2 +- .../examples/alertRules/CreateFusionAlertRule.json | 2 +- .../CreateFusionAlertRuleWithFusionScenarioExclusion.json | 2 +- .../CreateMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/CreateNrtAlertRule.json | 2 +- .../examples/alertRules/CreateScheduledAlertRule.json | 2 +- .../examples/alertRules/DeleteAlertRule.json | 2 +- .../examples/alertRules/GetAllAlertRules.json | 2 +- .../examples/alertRules/GetFusionAlertRule.json | 2 +- .../GetMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/GetNrtAlertRule.json | 2 +- .../examples/alertRules/GetScheduledAlertRule.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 2 +- .../examples/automationRules/AutomationRules_Delete.json | 2 +- .../examples/automationRules/AutomationRules_Get.json | 2 +- .../examples/automationRules/AutomationRules_List.json | 2 +- .../examples/billingStatistics/GetAllBillingStatistics.json | 2 +- .../examples/billingStatistics/GetBillingStatistic.json | 2 +- .../2023-09-01-preview/examples/bookmarks/CreateBookmark.json | 2 +- .../2023-09-01-preview/examples/bookmarks/DeleteBookmark.json | 2 +- .../examples/bookmarks/GetBookmarkById.json | 2 +- .../2023-09-01-preview/examples/bookmarks/GetBookmarks.json | 2 +- .../examples/bookmarks/expand/PostExpandBookmark.json | 2 +- .../examples/bookmarks/relations/CreateBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/DeleteBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/GetAllBookmarkRelations.json | 2 +- .../bookmarks/relations/GetBookmarkRelationByName.json | 2 +- .../examples/contentPackages/GetPackageById.json | 2 +- .../examples/contentPackages/GetPackages.json | 2 +- .../examples/contentPackages/GetProductPackageById.json | 2 +- .../examples/contentPackages/GetProductPackages.json | 2 +- .../examples/contentPackages/InstallPackage.json | 2 +- .../examples/contentPackages/UninstallPackage.json | 2 +- .../examples/contentTemplates/DeleteTemplate.json | 2 +- .../examples/contentTemplates/GetProductTemplateById.json | 2 +- .../examples/contentTemplates/GetProductTemplates.json | 2 +- .../examples/contentTemplates/GetTemplateById.json | 2 +- .../examples/contentTemplates/GetTemplates.json | 2 +- .../examples/contentTemplates/InstallTemplate.json | 2 +- .../CreateCustomizableDataConnectorDefinition.json | 2 +- .../DeleteDataConnectorDefinitionById.json | 2 +- .../GetCustomizableDataConnectoeDefinitionById.json | 2 +- .../dataConnectorDefinitions/GetDataConnectorDefinitions.json | 2 +- .../dataConnectors/CheckRequirementsAzureActiveDirectory.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoAuthorization.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoLicense.json | 2 +- .../dataConnectors/CheckRequirementsAzureSecurityCenter.json | 2 +- .../examples/dataConnectors/CheckRequirementsDynamics365.json | 2 +- .../examples/dataConnectors/CheckRequirementsIoT.json | 2 +- .../examples/dataConnectors/CheckRequirementsMdatp.json | 2 +- .../CheckRequirementsMicrosoftCloudAppSecurity.json | 2 +- ...heckRequirementsMicrosoftPurviewInformationProtection.json | 2 +- .../CheckRequirementsMicrosoftThreatIntelligence.json | 2 +- .../CheckRequirementsMicrosoftThreatProtection.json | 2 +- .../dataConnectors/CheckRequirementsOffice365Project.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeATP.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeIRM.json | 2 +- .../dataConnectors/CheckRequirementsOfficePowerBI.json | 2 +- .../dataConnectors/CheckRequirementsThreatIntelligence.json | 2 +- .../CheckRequirementsThreatIntelligenceTaxii.json | 2 +- .../examples/dataConnectors/ConnectAPIPolling.json | 2 +- .../examples/dataConnectors/ConnectAPIPollingV2Logs.json | 2 +- .../examples/dataConnectors/CreateAPIPolling.json | 2 +- .../dataConnectors/CreateDynamics365DataConnetor.json | 2 +- .../examples/dataConnectors/CreateGenericUI.json | 2 +- .../examples/dataConnectors/CreateGoogleCloudPlatform.json | 2 +- ...eateMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../CreateMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../CreateMicrosoftThreatProtectionDataConnetor.json | 2 +- .../dataConnectors/CreateOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/CreateOfficeDataConnetor.json | 2 +- .../dataConnectors/CreateOfficePowerBIDataConnector.json | 2 +- .../dataConnectors/CreateThreatIntelligenceDataConnector.json | 2 +- .../CreateThreatIntelligenceTaxiiDataConnector.json | 2 +- .../examples/dataConnectors/DeleteAPIPolling.json | 2 +- .../examples/dataConnectors/DeleteGenericUI.json | 2 +- .../examples/dataConnectors/DeleteGoogleCloudPlatform.json | 2 +- ...leteMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../DeleteMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeleteOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/DeleteOfficeDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficePowerBIDataConnetor.json | 2 +- .../examples/dataConnectors/DisconnectAPIPolling.json | 2 +- .../examples/dataConnectors/GetAPIPolling.json | 2 +- .../dataConnectors/GetAmazonWebServicesCloudTrailById.json | 2 +- .../examples/dataConnectors/GetAmazonWebServicesS3ById.json | 2 +- .../examples/dataConnectors/GetAzureActiveDirectoryById.json | 2 +- .../dataConnectors/GetAzureAdvancedThreatProtectionById.json | 2 +- .../examples/dataConnectors/GetAzureSecurityCenterById.json | 2 +- .../examples/dataConnectors/GetDataConnectors.json | 2 +- .../dataConnectors/GetDynamics365DataConnectorById.json | 2 +- .../examples/dataConnectors/GetGenericUI.json | 2 +- .../examples/dataConnectors/GetGoogleCloudPlatformById.json | 2 +- .../examples/dataConnectors/GetIoTById.json | 2 +- .../dataConnectors/GetMicrosoftCloudAppSecurityById.json | 2 +- .../GetMicrosoftDefenderAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetMicrosoftInsiderRiskManagementById.json | 2 +- ...MicrosoftPurviewInformationProtectionDataConnetorById.json | 2 +- .../dataConnectors/GetMicrosoftThreatIntelligenceById.json | 2 +- .../dataConnectors/GetMicrosoftThreatProtectionById.json | 2 +- .../GetOffice365AdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetOffice365ProjectDataConnetorById.json | 2 +- .../examples/dataConnectors/GetOfficeDataConnetorById.json | 2 +- .../dataConnectors/GetOfficePowerBIDataConnetorById.json | 2 +- .../examples/dataConnectors/GetThreatIntelligenceById.json | 2 +- .../dataConnectors/GetThreatIntelligenceTaxiiById.json | 2 +- .../examples/enrichment/GetGeodataByIp.json | 2 +- .../examples/enrichment/GetWhoisByDomainName.json | 2 +- .../examples/entities/GetAccountEntityById.json | 2 +- .../examples/entities/GetAzureResourceEntityById.json | 2 +- .../examples/entities/GetCloudApplicationEntityById.json | 2 +- .../examples/entities/GetDnsEntityById.json | 2 +- .../2023-09-01-preview/examples/entities/GetEntities.json | 2 +- .../examples/entities/GetFileEntityById.json | 2 +- .../examples/entities/GetFileHashEntityById.json | 2 +- .../examples/entities/GetHostEntityById.json | 2 +- .../examples/entities/GetIoTDeviceEntityById.json | 2 +- .../2023-09-01-preview/examples/entities/GetIpEntityById.json | 2 +- .../examples/entities/GetMailClusterEntityById.json | 2 +- .../examples/entities/GetMailMessageEntityById.json | 2 +- .../examples/entities/GetMailboxEntityById.json | 2 +- .../examples/entities/GetMalwareEntityById.json | 2 +- .../examples/entities/GetProcessEntityById.json | 2 +- .../2023-09-01-preview/examples/entities/GetQueries.json | 2 +- .../examples/entities/GetRegistryKeyEntityById.json | 2 +- .../examples/entities/GetRegistryValueEntityById.json | 2 +- .../examples/entities/GetSecurityAlertEntityById.json | 2 +- .../examples/entities/GetSecurityGroupEntityById.json | 2 +- .../examples/entities/GetSubmissionMailEntityById.json | 2 +- .../examples/entities/GetUrlEntityById.json | 2 +- .../examples/entities/expand/PostExpandEntity.json | 2 +- .../examples/entities/insights/PostGetInsights.json | 2 +- .../examples/entities/relations/GetAllEntityRelations.json | 2 +- .../examples/entities/relations/GetEntityRelationByName.json | 2 +- .../examples/entities/timeline/PostTimelineEntity.json | 2 +- .../examples/entityQueries/CreateEntityQueryActivity.json | 2 +- .../examples/entityQueries/DeleteEntityQuery.json | 2 +- .../examples/entityQueries/GetActivityEntityQueryById.json | 2 +- .../examples/entityQueries/GetEntityQueries.json | 2 +- .../examples/entityQueries/GetExpansionEntityQueryById.json | 2 +- .../GetActivityEntityQueryTemplateById.json | 2 +- .../entityQueryTemplates/GetEntityQueryTemplates.json | 2 +- .../examples/fileImports/CreateFileImport.json | 2 +- .../examples/fileImports/DeleteFileImport.json | 2 +- .../examples/fileImports/GetFileImportById.json | 2 +- .../examples/fileImports/GetFileImports.json | 2 +- .../preview/2023-09-01-preview/examples/hunts/CreateHunt.json | 2 +- .../2023-09-01-preview/examples/hunts/CreateHuntComment.json | 2 +- .../2023-09-01-preview/examples/hunts/CreateHuntRelation.json | 2 +- .../preview/2023-09-01-preview/examples/hunts/DeleteHunt.json | 2 +- .../2023-09-01-preview/examples/hunts/DeleteHuntComment.json | 2 +- .../2023-09-01-preview/examples/hunts/DeleteHuntRelation.json | 2 +- .../2023-09-01-preview/examples/hunts/GetHuntById.json | 2 +- .../2023-09-01-preview/examples/hunts/GetHuntCommentById.json | 2 +- .../2023-09-01-preview/examples/hunts/GetHuntComments.json | 2 +- .../examples/hunts/GetHuntRelationById.json | 2 +- .../2023-09-01-preview/examples/hunts/GetHuntRelations.json | 2 +- .../preview/2023-09-01-preview/examples/hunts/GetHunts.json | 2 +- .../incidents/IncidentAlerts/Incidents_ListAlerts.json | 2 +- .../incidents/IncidentBookmarks/Incidents_ListBookmarks.json | 2 +- .../IncidentComments/IncidentComments_CreateOrUpdate.json | 2 +- .../incidents/IncidentComments/IncidentComments_Delete.json | 2 +- .../incidents/IncidentComments/IncidentComments_Get.json | 2 +- .../incidents/IncidentComments/IncidentComments_List.json | 2 +- .../incidents/IncidentEntities/Incidents_ListEntities.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Delete.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_Get.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_List.json | 2 +- .../examples/incidents/IncidentTeam/Incidents_CreateTeam.json | 2 +- .../examples/incidents/Incidents_CreateOrUpdate.json | 2 +- .../examples/incidents/Incidents_Delete.json | 2 +- .../2023-09-01-preview/examples/incidents/Incidents_Get.json | 2 +- .../2023-09-01-preview/examples/incidents/Incidents_List.json | 2 +- .../examples/incidents/relations/CreateIncidentRelation.json | 2 +- .../examples/incidents/relations/DeleteIncidentRelation.json | 2 +- .../examples/incidents/relations/GetAllIncidentRelations.json | 2 +- .../incidents/relations/GetIncidentRelationByName.json | 2 +- .../examples/manualTrigger/Entities_RunPlaybook.json | 2 +- .../examples/manualTrigger/Incidents_RunPlaybook.json | 2 +- .../2023-09-01-preview/examples/metadata/DeleteMetadata.json | 2 +- .../2023-09-01-preview/examples/metadata/GetAllMetadata.json | 2 +- .../examples/metadata/GetAllMetadataOData.json | 2 +- .../2023-09-01-preview/examples/metadata/GetMetadata.json | 2 +- .../2023-09-01-preview/examples/metadata/PatchMetadata.json | 2 +- .../2023-09-01-preview/examples/metadata/PutMetadata.json | 2 +- .../examples/metadata/PutMetadataMinimal.json | 2 +- .../examples/officeConsents/DeleteOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsentsById.json | 2 +- .../onboardingStates/CreateSentinelOnboardingState.json | 2 +- .../onboardingStates/DeleteSentinelOnboardingState.json | 2 +- .../onboardingStates/GetAllSentinelOnboardingStates.json | 2 +- .../examples/onboardingStates/GetSentinelOnboardingState.json | 2 +- .../examples/operations/ListOperations.json | 2 +- .../examples/recommendations/GetRecommendation.json | 2 +- .../examples/recommendations/GetRecommendations.json | 2 +- .../examples/recommendations/PatchRecommendation.json | 4 ++-- .../examples/repositories/GetRepositories.json | 2 +- .../CreateAnomalySecurityMLAnalyticsSetting.json | 2 +- .../DeleteSecurityMLAnalyticsSetting.json | 2 +- .../GetAllSecurityMLAnalyticsSettings.json | 2 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 2 +- .../examples/settings/DeleteEyesOnSetting.json | 2 +- .../2023-09-01-preview/examples/settings/GetAllSettings.json | 2 +- .../examples/settings/GetEyesOnSetting.json | 2 +- .../examples/settings/UpdateEyesOnSetting.json | 2 +- .../examples/sourcecontrols/CreateSourceControl.json | 2 +- .../examples/sourcecontrols/DeleteSourceControl.json | 2 +- .../examples/sourcecontrols/GetSourceControlById.json | 2 +- .../examples/sourcecontrols/GetSourceControls.json | 2 +- .../threatintelligence/AppendTagsThreatIntelligence.json | 2 +- .../threatintelligence/CollectThreatIntelligenceMetrics.json | 2 +- .../examples/threatintelligence/CreateThreatIntelligence.json | 2 +- .../examples/threatintelligence/DeleteThreatIntelligence.json | 2 +- .../examples/threatintelligence/GetThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligenceById.json | 2 +- .../examples/threatintelligence/QueryThreatIntelligence.json | 2 +- .../threatintelligence/ReplaceTagsThreatIntelligence.json | 2 +- .../examples/threatintelligence/UpdateThreatIntelligence.json | 2 +- .../triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json | 4 ++-- .../triggeredAnalyticsRuleRun_Get.json | 2 +- .../triggeredAnalyticsRuleRuns_Get.json | 2 +- .../examples/watchlists/CreateWatchlist.json | 2 +- .../examples/watchlists/CreateWatchlistAndWatchlistItems.json | 2 +- .../examples/watchlists/CreateWatchlistItem.json | 2 +- .../examples/watchlists/DeleteWatchlist.json | 4 ++-- .../examples/watchlists/DeleteWatchlistItem.json | 2 +- .../examples/watchlists/GetWatchlistByAlias.json | 2 +- .../examples/watchlists/GetWatchlistItemById.json | 2 +- .../examples/watchlists/GetWatchlistItems.json | 2 +- .../2023-09-01-preview/examples/watchlists/GetWatchlists.json | 2 +- .../examples/workspaceManagerAssignments/CreateJob.json | 2 +- .../CreateOrUpdateWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/DeleteJob.json | 2 +- .../DeleteWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/GetAllJobs.json | 2 +- .../GetAllWorkspaceManagerAssignments.json | 2 +- .../examples/workspaceManagerAssignments/GetJob.json | 2 +- .../GetWorkspaceManagerAssignment.json | 2 +- .../CreateOrUpdateWorkspaceManagerConfiguration.json | 2 +- .../DeleteWorkspaceManagerConfiguration.json | 2 +- .../GetAllWorkspaceManagerConfigurations.json | 2 +- .../GetWorkspaceManagerConfiguration.json | 2 +- .../CreateOrUpdateWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/DeleteWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/GetAllWorkspaceManagerGroups.json | 2 +- .../workspaceManagerGroups/GetWorkspaceManagerGroup.json | 2 +- .../CreateOrUpdateWorkspaceManagerMember.json | 2 +- .../workspaceManagerMembers/DeleteWorkspaceManagerMember.json | 2 +- .../GetAllWorkspaceManagerMembers.json | 2 +- .../workspaceManagerMembers/GetWorkspaceManagerMember.json | 2 +- .../preview/2023-09-01-preview/operations.json | 2 +- 295 files changed, 298 insertions(+), 298 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json index 02c8027cd949..5d799b33f638 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json index 83979c6e249d..2138ecb7e7c7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json index 5a8b33780072..46c9c60cf1a5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/BillingStatistics.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json index 65437ece6726..2531ac3a24de 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Bookmarks.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json index 1338ba30ed12..1d4f1088115e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentPackages.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json index 8fcfc2ecd4f8..f018cc9afba5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductPackages.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json index 03b04dee41e3..8bd9b377413d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentProductTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json index 25b755bb3b2e..87478176d40e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ContentTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json index 884ec500cb6d..fbf609562792 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Enrichment.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json index 66d96f6bff0a..44c884f4c857 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Entities.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json index 0af3d5760fc8..b8b91863a1af 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueries.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json index 2f9e51947faa..04c35e21d6f6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/EntityQueryTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json index 2a970b073439..f4e1755ea170 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/FileImports.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json index 56c25483a2fe..adfa82494451 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Hunts.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json index 85fdc88aae83..15d817a6ab87 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Incidents.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json index 104c95c2f64f..58de0c2f543a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Metadata.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json index d61b94f5a6db..60970af40708 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OfficeConsents.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json index b6e9d528ed9d..d175c1545be5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/OnboardingStates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json index 38df528e8619..2664cd8b4d21 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Recommendations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json index e7649b5e7202..efdb93aa4f09 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SecurityMLAnalyticsSettings.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json index 306672b77c78..8556d1e67785 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Settings.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json index 0e9b63882cb1..af73eeedee24 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/SourceControls.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json index f1235eabb35b..8c8dfeacd197 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/ThreatIntelligence.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json index 17062f0f2d2c..857932779c69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/TriggeredAnalyticsRuleRuns.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json index 38dd5f14db96..d8dcd21f4fb4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/Watchlists.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json index fde484db8625..4584e1c4b44b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerAssignments.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json index ab8b91b6b747..c5b86f43a85f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerConfigurations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json index 1045b0baad5f..7dcb020f4bad 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerGroups.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json index a31d5ac0d0e1..42e2c5fb4c9c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/WorkspaceManagerMembers.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json index 559735ed160f..3cb89778380f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/AlertTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common Alert types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json index 5b4aa02c1ede..1b56607ea476 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ContentCommonTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common content metadata types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json index 0832016148ca..29c02cd5503d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/EntityTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common Entity types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json index 14a806c690eb..5daa844dcd81 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/IncidentTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common Incident types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json index 89961de0855f..9ace459c99f3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/RelationTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common Relation types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json index ddb2849a0d38..832f9b943f6c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/common/ThreatIntelligenceTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-08-01-preview", + "version": "2023-09-01-preview", "title": "Common Relation types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json index ee95e9c2f4ba..094bcead32fb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectorDefinitions.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json index 8ec92c639d81..52fb37bdac01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json index 6a8ffcc755bf..5755265bdc00 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json index cb1745e49917..63cd57207758 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json index e8947fbef382..437df43477f0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json index 2377223a01be..9119826114b3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json index 7e57d40e1489..fe9a9569e00c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json index 2604c595cf4c..25af577a0cea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json index 0f3497ae635f..a464d77ef862 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json index 0875f585d958..be8c8ad7a23c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json index 5a3389b73d73..6b51eaa0b3f4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json index 83a8089fe661..d6b02c03ed09 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json index 0a1828d1aafc..e5576f7edbb3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json index dfdad4fc526e..f057cefab2e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/DeleteAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json index 8159812cf772..8ab228dbdbf4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetAllAlertRules.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json index 63abd1838c02..6a442cc680f7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json index 671a299c0bdd..e4c0c6ca72ee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json index 645bfc5f57e6..85b9857624ed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json index 28321c9cdbc5..6a2333afb809 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index af00b7accd66..dd65dcb46af5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json index 72c7564e69bc..78b480b1601b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json index c7d47782bb3e..7b8803c70cb2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json index c46ffa938bdc..0c7ddbcf4415 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/automationRules/AutomationRules_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json index 4ce5118264b5..260fde7db92c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json index 704f8a5a4924..07189a3aaec2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json index da224b490e6a..91f903df4698 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/CreateBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json index 91513ab15067..34665d114dab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/DeleteBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json index dbdf83056c6c..03fa481946e5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarkById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json index 674aa453e01e..65e54d684be1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/GetBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json index 720674e041d9..4b3dcfbf9f4e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json index 52ac92ca28f8..30ac3b3efa2a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json index f83cd45b628d..b8df22782d74 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json index 50b06b539c30..ae80cc8c49d1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json index 24096444f81c..9b7a808341dd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json index 653196e3886d..784acabe6c36 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json index 24b108b8cd7b..8cc2453668ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json index b232b4ca2984..c862f21c7523 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json index 5039238a34f7..029f47e71415 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/GetProductPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json index 1a5d720792ac..66a12239b696 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/InstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json index 6022341d36bd..ce69839dca66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentPackages/UninstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json index ebcb6051f25f..4db18824c70f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json index 2f5d42aed12b..4abb6c8091f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json index eaf6203176e2..491a10276933 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json index 1160cf036593..2ba98409e06f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json index aed5306b01ac..3d90ba97e2f0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/GetTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json index b4a53a10f5dc..a349d6c39baf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/contentTemplates/InstallTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index d6f82fa3edde..4a7e55e819ac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json index 24e253859d80..df6440f04add 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json index 1710da620b9d..8e8b01267d91 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json index 3dcf53a96b5a..341d6199a191 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json index da4e7a0eb4e2..e437ec72711a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json index da4e7a0eb4e2..e437ec72711a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json index da4e7a0eb4e2..e437ec72711a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json index 23083fd655c7..a31e2954d481 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json index 25cce49cfbe6..94aa9bb5b60b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json index a094deef8c94..031a0a971807 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json index cad8c6cd68c8..99bb030c0f2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json index cad8c6cd68c8..99bb030c0f2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json index 1fdaba4134bb..2bd286ba9f38 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json index e570cf8e6948..b375ff4d6483 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json index 08f38b429782..4480e2a1244b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json index ab6cdbc6b3d1..9b07d71235ab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json index e0dfbc169c62..e4d73014eb00 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json index b30ac167941c..7897957eb054 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json index bc83f3386323..69d4924d1203 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json index f3ecbcee1555..c500738d8702 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json index 37e1a1a92d75..d145e31d70a1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json index 5d64190c240e..3e7833cf7c5f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json index a0c596c7d2f3..30de8cf68731 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json index 95261a8f591e..2546ea7ce5f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json index 4cc49b5aeac2..5e81d260c748 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json index b6ba8ef6699c..e372faf6112b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json index d1aa3dda4038..55b2179ae246 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json index 09073750ed03..714a0da42f7a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json index fec7b6e06d43..f01b8ba00364 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json index f2519b0dcc25..27a99a85f339 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json index d49595d802dd..e2b1824e2d16 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json index 97534bbd6ead..c094b22fdda2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json index 81d870d7e16f..d6af2cc42cc4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json index 30843c4a98ae..18ede124a18f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json index 5e7570c5c47c..2b7fca9c209c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json index 916d2ccf59b6..65f335a62a70 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json index 916d2ccf59b6..65f335a62a70 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json index 9274c24e58af..e0dac8c7208d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json index bc15b0266776..672bb19ccc85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json index 5dfa550aad13..816039e5fc1e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json index bc15b0266776..672bb19ccc85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json index bc15b0266776..672bb19ccc85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json index bc15b0266776..672bb19ccc85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json index b414bc3c7a15..45fb56fbff09 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json index 1cb0b6f667e5..286ce67b25a7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json index 1c1acd07464f..09d3303a3d8d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json index 779d2c62c2bb..a45891d5f9a7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json index 6de2e94a9c70..29524857db48 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json index 74e723534d16..eb3ec118d451 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json index bdbe7d7166e5..570a660e4643 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json index 843617a4ea3b..b81f08c8c6d2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json index bca676481359..2d03315f2bd7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json index e979d3221a49..12f09116c32b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json index 858e7132acbb..5fad300dcd5b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json index 47ae342f2ad2..f9ddbf056bb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetIoTById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index 57f5181ec518..ee57e4c6638a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json index 29202b598005..b2f6d80a470f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json index bf24c778b435..fd9e6037cddb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json index 02fc3802913e..acc90145655c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json index c7fbd6376996..a43f8abe72bb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json index 6268c5cc117d..2c0d3e5e3993 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json index 5319541ead8c..a19eefa3cc8e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json index 7fd531307873..38c68297b014 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json index 7c29448f045c..702b147fe1ff 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json index 5613a4249b24..63363ade4040 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json index f677010ee1fa..6143e53a26b1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json index 9b9ee3d74728..1f68b44f110b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json index ac42c010212e..ea71a73024a9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetGeodataByIp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "ipAddress": "1.2.3.4" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json index 41a6fdd4a423..b69065caf7c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "domain": "microsoft.com" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json index ec76a5a0c048..9bf1fffb9e01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAccountEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json index 65f9ac45047a..008ec3393fdc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json index a93f31617fa3..967fdad88aa1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json index 2d62afb62b18..e8ee4514c86a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetDnsEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json index 84ce291f7cc2..f7be93c235ce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json index 16196b7f49c7..115390796311 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json index 13c3b8572214..8181ac42612c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetFileHashEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json index 9802e347e9ee..c4ae39a1e4bf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetHostEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json index 44d368694943..4afa77f0ec85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json index ff996096dece..5377e956aca9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetIpEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json index 8cc35485e101..646d7933a2b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailClusterEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json index dbed05cb24f3..221a39b6a9d4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailMessageEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json index ef4ab0bb8f45..fb7571d1ae64 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMailboxEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json index 858fbc380894..7ba56c65732b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetMalwareEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json index 39826e45126e..90c3ebb9395e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetProcessEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json index 84b2fbfb527b..c7c4d24bef2c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json index 34abe940d878..fe91c373405d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json index 86f9151ca18a..f4f0a18feeea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json index a747a060bc1f..3a02825cc871 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json index 466c8b6e9493..3f3588dcbd0c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json index 7d89c1ddf93a..448f083ab7f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json index 2af10388dcfd..6894cdbdf3fe 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/GetUrlEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json index 7f14a22d226f..176f826bd618 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/expand/PostExpandEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json index 262c1487a6b1..2391078ee5d5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/insights/PostGetInsights.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json index 09686d206a0b..35ed9c59cddd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json index d58e62668067..9ed4cb00fa52 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json index e598d975f87d..b88e4c341dd5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json index d5fcbd8016a7..d2b3be91a31b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json index c9e99753437e..af9fa196b779 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json index d518b50bbc5d..e7962e195637 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json index cd12753ae4a8..528f8bde47c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetEntityQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "kind": "Expansion", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json index e81889ef443f..555bb7f02956 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json index 3370a3d53286..24c328c2ac40 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json index 59139282f7ed..656a9c7402d4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "kind": "Activity", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json index 164c37b1a9d5..b069066bdfb2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/CreateFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json index 3540b6685ef2..e0a002c8157a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/DeleteFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json index e06a4856aa29..dce50a8217ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImportById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json index d94f9e2d2462..9fb527bcf1fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/fileImports/GetFileImports.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json index bfd92ebb0c92..e126108dab62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json index 7e1ae5ac5d27..7b7365912e83 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json index 94f85df65ca1..ebed3f4998f7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/CreateHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json index 55e17b6ae4fc..ba810d97f01e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json index 0a134e4582ed..e86c41d6735f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json index e869b63a6da8..cb756b7c48b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/DeleteHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json index feaeba7cef27..bf701358cba5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json index e8ed12d0e827..e08fd61811da 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntCommentById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json index 1c23af972fbf..ed0001a27b9c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntComments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json index 6e4f219028e4..b93617eb2015 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelationById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json index e774d2dfac4c..65bd29d6f1b9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHuntRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json index b0e15e7cd5de..412f930a8389 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/hunts/GetHunts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json index 7f43934af733..9b876581eed2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json index a4949bffbff5..5184d084d200 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json index 2d48a5026824..2ff578f0e927 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json index 05a421f08f12..bd9381743344 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json index f8ec4dfd066f..b71c53efff48 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json index b34176b658c0..edee5ca7da05 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json index b6c167ce6d3c..68e9efa1f352 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json index 1ef36fd6cf7d..e68ddb21e747 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json index 639caba3a8bf..a8cc8df2b4fa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json index f61497e52893..f74e3738c85b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json index 0e72c0afd6d0..02847f210386 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json index 1d603067ddec..743b9e2969d2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json index 0f85d70fdac1..beb1ab946244 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json index 40e6a77ecda7..2338dbf49145 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json index 9369fd35ed53..4ea889657c26 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json index d6e455d4865b..57f0056ef6bf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/Incidents_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json index f642ccfe72b5..7fdbd49095cb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json index 6d71495c719f..f68796779584 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json index 66f00dbcb91f..2ee77562bfef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json index 4eb856e18423..dc22c32aaa48 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json index bd710bcd9573..35e1dd7b820d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json index ad0cea37664b..f049caf64cf6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json index 2636023ef7a3..4b644adc53a5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/DeleteMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json index a1bb87858ae3..997e43f2ec09 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json index 635542c29f7c..386fac473ac1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetAllMetadataOData.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json index 1918ebe9605b..f69f98b36b12 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/GetMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json index 2aca900eaa53..cf5451b34e51 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PatchMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json index 07d22616ffa7..7d907ee6a9ee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json index 41ab51ce6b12..bdf1d5a812b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/metadata/PutMetadataMinimal.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json index 68172c2b7239..715e1e5a9401 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json index 1f882f131594..ec71401cf002 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json index e837992a102c..81267254cda2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json index 478ff35389d7..14a72a0c1dbb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json index 1ad72e5e5817..55386e46d5d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json index 14a94aaacbfc..86a13e3c7392 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json index 63b06b21a1a7..66acb61726e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json index af58cccc075a..2f258376212e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/operations/ListOperations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview" + "api-version": "2023-09-01-preview" }, "responses": { "200": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json index cf61b186bb05..1b7331c896ce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json index c199966a01c4..0b0107f1e892 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/GetRecommendations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json index 0afaf2d76759..3a662647dfea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/recommendations/PatchRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -14,7 +14,7 @@ "responses": { "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-08-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-09-01-preview" }, "body": { "recommendationTypeId": "ThreatIntelligence_Example", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json index 82dfc973f2cb..dfb6ea193d65 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/repositories/GetRepositories.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "repoType": "Github", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json index 9787f9d43a14..9d54c0d72979 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json index dd169bed2a64..4d500a46d332 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json index 6c703b52d5ec..be754f138f11 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json index 0b86d85c7116..9947ab322e92 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json index c0499262937e..1e1ad703ba0e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json index 6bc3c6c8e9c7..0e6a3ed3b949 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetAllSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json index b6b3f4977815..4e4c3a845802 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/GetEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json index f4a2ce002653..918eab1a3889 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json index e224c7e72352..cd259c94d4aa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json index 5c02bc30b494..64ec9fceb7bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json index 80ed9f71117a..44d49fcff02d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json index 343db3e243ec..53f76d0f5d12 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json index 1b47703871bb..9abf2fd1c457 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json index 3e576123a81f..9790f2c9706f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json index 2d8fc2ee4d53..56036a78c3a2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json index 05fa7c80a91e..fe486f3bf753 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json index b8577ce5ceba..44ddd2f05d6e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json index 78ad95e681e6..6588c46cf29c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json index 8207a16fe351..eb8aaaef66dc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json index b7d7381e90aa..971f239ad6cd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json index a7a53d425005..a246a817a015 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json index ed3660873405..6c23f2648a9e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -16,7 +16,7 @@ "headers": { "Code": "202", "Message": "Accepted", - "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-08-01-preview" + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-09-01-preview" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json index aa6edbcdd745..8386f8f0e561 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json index 17b455253864..42f9fa3c39b6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json index df593390b215..88cceddd72f3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json index 8b45f97eda71..5a2c538821be 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json index 337d06d48206..3b609218a339 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json index a2387e1b8271..c982fb11f18e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -10,7 +10,7 @@ "responses": { "200": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-08-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-09-01-preview" } }, "204": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json index fdcd035c0765..72c338aaba2d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json index 7acc168cbd9c..7dc93bb4270d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json index aebdffd2aa03..02d17be8cec5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json index eb9df1b2c33a..b70d29f863f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json index 0151335e5644..7a86e436df28 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/watchlists/GetWatchlists.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json index 332563db8e0b..de3a361b1af8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json index 69183e366ff5..3ae27a29b5e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json index 3eed8e514dfb..f7549fb4c9e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json index 0c1d895733e6..20b1f118e3e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json index 6f88c8c0da71..a37b79483e4d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json index a9020e1a03a6..0bbaa4c91c72 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json index 79f417a2fed4..781549669253 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json index 2fc2663161dc..2875b7b24cdb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json index 41bc71735e2b..90c53fa17add 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json index ca8d2d3089c0..4b6146a762e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json index e994520ea300..ebdb93c67d28 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json index d3634df943ba..e9952d7f412c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json index 3e4dce3adcef..55bd8ddaa0af 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json index f5a54dff69c6..2d427d690d86 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json index f752660deedc..6f2cfd7cabd1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json index e0603dfe2547..2ee9d7d37bac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json index 14b5f69b4d50..d40f9960f7f4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json index 508c53deb7ac..3b84f7007dcf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json index 38b805ae086c..7da889d7123f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json index 30757367552f..7daf0a35b448 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-08-01-preview", + "api-version": "2023-09-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json index fc967c4e5df5..fcac6b8cef26 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-08-01-preview" + "version": "2023-09-01-preview" }, "host": "management.azure.com", "schemes": [