From 9a47b67c7b324c1290cfff0c4ed2ce6227eb6006 Mon Sep 17 00:00:00 2001 From: Rotem Herzberg Date: Thu, 11 Jul 2019 16:39:17 +0300 Subject: [PATCH 1/7] New data connector kinds (MicrosoftDefenderAdvancedThreatProtection & AzureAdvancedThreatProtection) and added discovery logs to MicrosoftCloudAppSecurity. --- .../2019-01-01-preview/SecurityInsights.json | 153 +++++++++++++++++- .../GetAmazonWebServicesCloudTrailById.json | 29 ++++ .../GetAzureAdvancedThreatProtectionById.json | 29 ++++ .../dataConnectors/GetDataConnectors.json | 60 ++++++- .../GetMicrosoftCloudAppSecurityById.json | 7 +- ...tDefenderAdvancedThreatProtectionById.json | 29 ++++ 6 files changed, 298 insertions(+), 9 deletions(-) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 10ef339a3725..a96620b9d5c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json 
@@ -924,6 +924,15 @@ }, "Get an AAD data connector.": { "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector.": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" } }, "tags": [ @@ -2224,7 +2233,10 @@ "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", - "Office365" + "Office365", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection" ], "x-ms-enum": { "name": "DataConnectorKind", @@ -2244,6 +2256,15 @@ }, { "value": "Office365" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" } ] } 
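Review bot: The added example key `"Get a MDATP data connector"` is the only one in this examples block without a trailing period; the keys next to it (`"Get an AATP data connector."`, `"Get an AwsCloudTrail data connector."`) all end with one. These keys presumably become example titles in generated documentation, so I would make it `"Get a MDATP data connector."`. The AWS title also says `AwsCloudTrail` while the enum value added in the later hunks is `AmazonWebServicesCloudTrail`; using one spelling in titles would make them easier to search for.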
@@ -2363,6 +2384,52 @@ } } }, + "AwsCloudTrailDataConnector": { + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail", + "type": "object", + "description": "Represents Amazon Web Services CloudTrail data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Amazon Web Services CloudTrail data connector properties.", + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties" + } + } + }, + "AwsCloudTrailDataConnectorProperties": { + "type": "object", + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "type": "string", + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account." + }, + "dataTypes": { + "description": "The available data types for the connector.", + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes" + } + } + }, + "AwsCloudTrailDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + } + } + }, "AADDataConnector": { "x-ms-discriminator-value": "AzureActiveDirectory", "type": "object", 
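Review bot: `awsRoleArn` in `AwsCloudTrailDataConnectorProperties` is an unconstrained `string`, and its description does not say how trust in that role is scoped, which is what an operator most needs to get right for cross-account access. I would reword it along the lines of `"The ARN of the IAM role (read-only CloudTrail access) that the connector assumes in the AWS account; the role's trust policy should restrict who may assume it."` and consider a `pattern` for the ARN shape (the service may already validate this server-side; that is not visible here). The definition declares no `required` list, so if it is also used for request bodies, a connector without `awsRoleArn` passes schema validation. The examples in this patch use `"myAwsRoleArn"`, which is not ARN-shaped; a constructed sample such as `arn:aws:iam::123456789012:role/ExampleRole` would document the expected format better.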
@@ -2444,6 +2511,90 @@ "MCASDataConnectorProperties": { "type": "object", "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }], + "properties": { + "dataTypes": { + "description": "The available data types for the connector.", + "$ref": "#/definitions/MCASDataConnectorDataTypes" + } + } + }, + "MCASDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "alerts": { + "type": "object", + "description": "Alerts data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "discoveryLogs": { + "type": "object", + "description": "Discovery log data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + } + } + }, + "AATPDataConnector": { + "x-ms-discriminator-value": "AzureAdvancedThreatProtection", + "type": "object", + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/AATPDataConnectorProperties" + } + } + }, + "AATPDataConnectorProperties": { + "type": "object", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ] + }, + "MDATPDataConnector": { + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection", + "type": "object", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "properties": { + 
"properties": { + "x-ms-client-flatten": true, + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/MDATPDataConnectorProperties" + } + } + }, + "MDATPDataConnectorProperties": { + "type": "object", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..ce2654d6e4ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..642d47eb08d1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json index a60bbb7918a5..443c7a28c8af 100644 
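Review bot: The new example hard-codes GUID-shaped values for `tenantId` (`2070ecc9-b4d5-4ae4-adaa-936fa1954fa8`) and `subscriptionId` that are not recognisably synthetic, and nothing in the diff says whether they were generated for the sample or copied from a live environment. Please confirm they are synthetic, or switch to an obviously fake value such as `00000000-0000-0000-0000-000000000000`, since this file ships in a public specification. The same `tenantId` appears in `GetMicrosoftDefenderAdvancedThreatProtectionById.json` and in the entries added to `GetDataConnectors.json`.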
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -4,14 +4,14 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" }, "responses": { "200": { "body": { "value": [ { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "AzureSecurityCenter", @@ -26,7 +26,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "ThreatIntelligence", 
@@ -41,7 +41,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "AzureActiveDirectory", @@ -56,7 +56,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "Office365", @@ -74,7 +74,7 @@ } }, { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "MicrosoftCloudAppSecurity", 
@@ -84,10 +84,58 @@ "dataTypes": { "alerts": { "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" } } } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } } + } ] } } 
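Review bot: The added `AmazonWebServicesCloudTrail` entry reuses connector id `c345bf40-8509-4ed2-b947-50cb773aaf04`, which this same list already assigns to the `ThreatIntelligence` connector a few entries above. The example response therefore contains two resources with identical `id` and `name` but different `kind`. Resource ids are expected to be unique within a workspace, and a test fixture or mock keyed by id built from this sample would silently drop one connector. Give the CloudTrail entry its own GUID here and in `GetAmazonWebServicesCloudTrailById.json`, which uses the same value as `dataConnectorId`.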
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index f5f114c4f687..b95ac0e2a512 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -4,13 +4,13 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" }, "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "type": "Microsoft.SecurityInsights/dataConnectors", "kind": "MicrosoftCloudAppSecurity", @@ -20,6 +20,9 @@ "dataTypes": { "alerts": { "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..699853dda0f4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} From 32c121f6270b0531f7814e1b498a6b1d5319a352 Mon Sep 17 00:00:00 2001 From: Rotem Herzberg Date: Thu, 11 Jul 2019 17:02:23 +0300 Subject: [PATCH 2/7] Use AlertsDataTypeOfDataConnector --- .../2019-01-01-preview/SecurityInsights.json | 34 ++++++++----------- 1 file changed, 15 insertions(+), 19 deletions(-) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index a96620b9d5c0..bc81cff629ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -2525,26 +2525,22 @@ "MCASDataConnectorDataTypes": { "type": "object", "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", - "properties": { - "alerts": { - "type": "object", - "description": "Alerts data type connection.", - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ] - }, - "discoveryLogs": { - "type": "object", - "description": "Discovery log data type connection.", - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ] + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + }], + "properties": + { + "discoveryLogs": { + "type": "object", + "description": "Discovery log data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + } } - } }, "AATPDataConnector": { "x-ms-discriminator-value": "AzureAdvancedThreatProtection", From ca1fbd115689f2f0caa6116bb5a0f0fdcd32f590 Mon Sep 17 00:00:00 2001 From: roherzbe <52486962+roherzbe@users.noreply.github.com> Date: Sun, 14 Jul 2019 13:36:49 +0300 Subject: [PATCH 3/7] Fix spell check errors --- .../2019-01-01-preview/SecurityInsights.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
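Review bot: The rewritten `MCASDataConnectorDataTypes` closes its `allOf` with `}],` and puts the opening brace of `"properties":` on a line of its own, unlike the other definitions visible in this patch series (for example `AATPDataConnectorProperties`, which closes with `}` and `]` on separate lines). I would close the array as `} ],` in the file's usual layout and write `"properties": {` on one line; the same `}],` form was introduced on `MCASDataConnectorProperties` in the first patch. `AlertsDataTypeOfDataConnector` is defined outside this hunk, so I could not check that it still describes `alerts` the way the removed inline block did.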
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index bc81cff629ea..f7ab2e0be37c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -928,10 +928,10 @@ "Get an AwsCloudTrail data connector.": { "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" }, - "Get an AATP data connector.": { + "Get an AzureAdvancedThreatProtection data connector.": { "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" }, - "Get a MDATP data connector": { + "Get a MicrosoftDefenderAdvancedThreatProtection data connector": { "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" } }, @@ -2542,10 +2542,10 @@ } } }, - "AATPDataConnector": { + "AzureAdvancedThreatProtectionDataConnector": { "x-ms-discriminator-value": "AzureAdvancedThreatProtection", "type": "object", - "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "description": "Represents Azure Advanced Threat Protection data connector.", "allOf": [ { "$ref": "#/definitions/DataConnector" @@ -2554,7 +2554,7 @@ "properties": { "properties": { "x-ms-client-flatten": true, - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "description": "Azure Advanced Threat Protection data connector properties.", "$ref": "#/definitions/AATPDataConnectorProperties" } } 
@@ -2571,10 +2571,10 @@ } ] }, - "MDATPDataConnector": { + "MicrosoftDefenderAdvancedThreatProtectionDataConnector": { "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection", "type": "object", - "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "description": "Represents Microsoft Defender Advanced Threat Protection data connector.", "allOf": [ { "$ref": "#/definitions/DataConnector" @@ -2583,7 +2583,7 @@ "properties": { "properties": { "x-ms-client-flatten": true, - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "description": "Microsoft Defender Advanced Threat Protection data connector properties.", "$ref": "#/definitions/MDATPDataConnectorProperties" } } From 61a6f4931aba21553e051a98fa03b15607f66541 Mon Sep 17 00:00:00 2001 From: roherzbe <52486962+roherzbe@users.noreply.github.com> Date: Sun, 14 Jul 2019 14:07:40 +0300 Subject: [PATCH 4/7] Spell check fixes --- .../preview/2019-01-01-preview/SecurityInsights.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index f7ab2e0be37c..9bb99aafdcd4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json 
@@ -2555,13 +2555,13 @@ "properties": { "x-ms-client-flatten": true, "description": "Azure Advanced Threat Protection data connector properties.", - "$ref": "#/definitions/AATPDataConnectorProperties" + "$ref": "#/definitions/AzureAdvancedThreatProtectionDataConnectorProperties" } } }, - "AATPDataConnectorProperties": { + "AzureAdvancedThreatProtectionDataConnectorProperties": { "type": "object", - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "description": "Azure Advanced Threat Protection data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" @@ -2584,13 +2584,13 @@ "properties": { "x-ms-client-flatten": true, "description": "Microsoft Defender Advanced Threat Protection data connector properties.", - "$ref": "#/definitions/MDATPDataConnectorProperties" + "$ref": "#/definitions/MicrosoftDefenderAdvancedThreatProtectionDataConnectorProperties" } } }, - "MDATPDataConnectorProperties": { + "MicrosoftDefenderAdvancedThreatProtectionDataConnectorProperties": { "type": "object", - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "description": "Microsoft Defender Advanced Threat Protection data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" From ae29c3d8b5bc58cbee083b73fec429e2f7662ee9 Mon Sep 17 00:00:00 2001 From: roherzbe <52486962+roherzbe@users.noreply.github.com> Date: Mon, 15 Jul 2019 09:16:38 +0300 Subject: [PATCH 5/7] Add AATP and MDATP to custom-words --- custom-words.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/custom-words.txt b/custom-words.txt index 43854b816d59..b07f637211e5 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -1521,3 +1521,5 @@ Turbonomic Zerto Corent Carbonite +AATP +MDATP From 98954229135876de3eb4b6a2a1a8609515b66d79 Mon Sep 17 00:00:00 2001 
From: roherzbe <52486962+roherzbe@users.noreply.github.com> Date: Mon, 15 Jul 2019 09:25:12 +0300 Subject: [PATCH 6/7] Using AATP & MDATP after updated custom-words --- .../2019-01-01-preview/SecurityInsights.json | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 9bb99aafdcd4..bc81cff629ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -928,10 +928,10 @@ "Get an AwsCloudTrail data connector.": { "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" }, - "Get an AzureAdvancedThreatProtection data connector.": { + "Get an AATP data connector.": { "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" }, - "Get a MicrosoftDefenderAdvancedThreatProtection data connector": { + "Get a MDATP data connector": { "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" } }, @@ -2542,10 +2542,10 @@ } } }, - "AzureAdvancedThreatProtectionDataConnector": { + "AATPDataConnector": { "x-ms-discriminator-value": "AzureAdvancedThreatProtection", "type": "object", - "description": "Represents Azure Advanced Threat Protection data connector.", + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", "allOf": [ { "$ref": "#/definitions/DataConnector" 
@@ -2554,14 +2554,14 @@ "properties": { "properties": { "x-ms-client-flatten": true, - "description": "Azure Advanced Threat Protection data connector properties.", - "$ref": "#/definitions/AzureAdvancedThreatProtectionDataConnectorProperties" + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/AATPDataConnectorProperties" } } }, - "AzureAdvancedThreatProtectionDataConnectorProperties": { + "AATPDataConnectorProperties": { "type": "object", - "description": "Azure Advanced Threat Protection data connector properties.", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" @@ -2571,10 +2571,10 @@ } ] }, - "MicrosoftDefenderAdvancedThreatProtectionDataConnector": { + "MDATPDataConnector": { "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection", "type": "object", - "description": "Represents Microsoft Defender Advanced Threat Protection data connector.", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", "allOf": [ { "$ref": "#/definitions/DataConnector" @@ -2583,14 +2583,14 @@ "properties": { "properties": { "x-ms-client-flatten": true, - "description": "Microsoft Defender Advanced Threat Protection data connector properties.", - "$ref": "#/definitions/MicrosoftDefenderAdvancedThreatProtectionDataConnectorProperties" + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "$ref": "#/definitions/MDATPDataConnectorProperties" } } }, - "MicrosoftDefenderAdvancedThreatProtectionDataConnectorProperties": { + "MDATPDataConnectorProperties": { "type": "object", - "description": "Microsoft Defender Advanced Threat Protection data connector properties.", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", "allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" 
From 878390cbb0806c9194cc9ceaed923284d2d8f2ac Mon Sep 17 00:00:00 2001 From: roherzbe <52486962+roherzbe@users.noreply.github.com> Date: Tue, 16 Jul 2019 15:55:19 +0300 Subject: [PATCH 7/7] Fix mistake --- .../preview/2019-01-01-preview/SecurityInsights.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 4642b5e8d714..bc81cff629ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -925,8 +925,7 @@ "Get an AAD data connector.": { "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" }, - "Get an - CloudTrail data connector.": { + "Get an AwsCloudTrail data connector.": { "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" }, "Get an AATP data connector.": {