diff --git a/custom-words.txt b/custom-words.txt index 563283df46c7..06c5116f6d2e 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -1524,3 +1524,5 @@ Turbonomic Zerto Corent Carbonite +AATP +MDATP diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index a8ac7197c422..bc81cff629ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -927,6 +927,12 @@ }, "Get an AwsCloudTrail data connector.": { "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" } }, "tags": [ @@ -2228,7 +2234,9 @@ "MicrosoftCloudAppSecurity", "ThreatIntelligence", "Office365", - "AmazonWebServicesCloudTrail" + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection" ], "x-ms-enum": { "name": "DataConnectorKind", @@ -2251,6 +2259,12 @@ }, { "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" } ] } @@ -2497,6 +2511,86 @@ "MCASDataConnectorProperties": { "type": "object", "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }], + "properties": { + "dataTypes": { + "description": "The available data types for the connector.", + "$ref": "#/definitions/MCASDataConnectorDataTypes" + } + } + }, + "MCASDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + }], + "properties": + { + "discoveryLogs": { + "type": "object", + "description": "Discovery log data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + } + } + }, + "AATPDataConnector": { + "x-ms-discriminator-value": "AzureAdvancedThreatProtection", + "type": "object", + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/AATPDataConnectorProperties" + } + } + }, + "AATPDataConnectorProperties": { + "type": "object", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ] + }, + "MDATPDataConnector": { + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection", + "type": "object", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/MDATPDataConnectorProperties" + } + } + }, + "MDATPDataConnectorProperties": { + "type": "object", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json index b8153e3fe5bb..75f4881d320e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -4,7 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" }, "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..642d47eb08d1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json index a60bbb7918a5..443c7a28c8af 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -4,14 +4,14 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" }, "responses": { "200": { "body": { "value": [ { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "AzureSecurityCenter", @@ -26,7 +26,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "ThreatIntelligence", @@ -41,7 +41,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "AzureActiveDirectory", @@ -56,7 +56,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "Office365", @@ -74,7 +74,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "MicrosoftCloudAppSecurity", @@ -84,10 +84,58 @@ "dataTypes": { "alerts": { "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" } } } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } } + } ] } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index f5f114c4f687..b95ac0e2a512 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -4,13 +4,13 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" }, "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "MicrosoftCloudAppSecurity", @@ -20,6 +20,9 @@ "dataTypes": { "alerts": { "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..699853dda0f4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +}