From 51eb6d1130549b8d3877d2af3662e1df28ff19b4 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Tue, 26 Jan 2021 21:10:14 +0000 Subject: [PATCH] CodeGen from PR 12557 in Azure/azure-rest-api-specs Merge 298da25de832da75dbe5dcb456ecf7fcf1637570 into 825cc5cfa5fc3581a7b405cb7063282e8651ea76 --- .../Microsoft.SecurityInsights.json | 140 +++++++++++++++++- .../Microsoft.SecurityInsights.json | 2 +- 2 files changed, 138 insertions(+), 4 deletions(-) diff --git a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json index 98443f8f11..aa6dc64f26 100644 --- a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json +++ b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json @@ -11,6 +11,9 @@ { "$ref": "#/definitions/FusionAlertRule" }, + { + "$ref": "#/definitions/ThreatIntelligenceAlertRule" + }, { "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRule" }, 
@@ -2756,6 +2759,57 @@ ], "description": "Scheduled alert rule base property bag." }, + "ThreatIntelligenceAlertRule": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "ThreatIntelligence" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Threat Intelligence alert rule base property bag." + } + }, + "required": [ + "kind" + ], + "description": "Represents Threat Intelligence alert rule." + }, + "ThreatIntelligenceAlertRuleProperties": { + "type": "object", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines whether this alert rule is enabled or disabled." + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "description": "Threat Intelligence alert rule base property bag." + }, "ThreatIntelligenceGranularMarkingModel": { "type": "object", "properties": { @@ -2821,6 +2875,22 @@ "type": "string", "description": "Display name of a threat intelligence entity" }, + "extensions": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": {} + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Extensions map" + }, "externalId": { "type": "string", "description": "External ID of threat intelligence entity" 
@@ -2895,6 +2965,10 @@ ], "description": "Labels of threat intelligence entity" }, + "language": { + "type": "string", + "description": "Language of threat intelligence entity" + }, "lastUpdatedTimeUtc": { "type": "string", "description": "Last updated time in UTC" @@ -2903,6 +2977,20 @@ "type": "string", "description": "Modified by" }, + "parsedPattern": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Parsed patterns" + }, "pattern": { "type": "string", "description": "Pattern of a threat intelligence entity" @@ -2973,15 +3061,46 @@ "description": "Kill chainName name" }, "phaseName": { + "type": "string", + "description": "Phase name" + } + }, + "description": "Describes threat kill chain phase entity" + }, + "ThreatIntelligenceParsedPattern": { + "type": "object", + "properties": { + "patternTypeKey": { + "type": "string", + "description": "Pattern type key" + }, + "patternTypeValues": { "oneOf": [ { - "type": "integer" + "type": "array", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + } }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Phase name" + "description": "Pattern type keys" + } + }, + "description": "Describes parsed pattern entity" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "Value of parsed pattern" + }, + "valueType": { + "type": "string", + "description": "Type of the value" } }, "description": "Describes threat kill chain phase entity" 
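Review bot: In the `@@ -2973,15 +3061,46 @@` hunk the new `ThreatIntelligenceParsedPatternTypeValue` definition ends on the unchanged context line `"description": "Describes threat kill chain phase entity"`, so it carries the same description as `ThreatIntelligenceKillChainPhase`. In the same hunk, `patternTypeValues` is described as "Pattern type keys" although it holds an array of `ThreatIntelligenceParsedPatternTypeValue` items. Suggested wording is `"description": "Describes parsed pattern type value entity"` for the definition and `"description": "Pattern type values"` for the property. The commit subject marks this file as generated output, so the correction presumably belongs in the source API spec rather than in this file, where regeneration would overwrite it.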
@@ -3439,6 +3558,10 @@ ], "description": "User information that made some action" }, + "uploadStatus": { + "type": "string", + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted" + }, "watchlistAlias": { "type": "string", "description": "The alias of the watchlist" @@ -3447,6 +3570,17 @@ "type": "string", "description": "The id (a Guid) of the watchlist" }, + "watchlistItemsCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of Watchlist Items in the Watchlist" + }, "watchlistType": { "type": "string", "description": "The type of the watchlist" @@ -3503,4 +3637,4 @@ "description": "Microsoft.SecurityInsights/watchlists/watchlistItems" } } -} \ No newline at end of file +} diff --git a/schemas/2020-01-01/Microsoft.SecurityInsights.json b/schemas/2020-01-01/Microsoft.SecurityInsights.json index 9adc8e1848..b2b2bc0c34 100644 --- a/schemas/2020-01-01/Microsoft.SecurityInsights.json +++ b/schemas/2020-01-01/Microsoft.SecurityInsights.json @@ -1682,4 +1682,4 @@ "description": "User information that made some action" } } -} \ No newline at end of file +}