Skip to content

Commit

Permalink
Fix Swagger Correctness for Threat Intelligence APIs (Azure#12557)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hunngu-ms @mkarmark
hunngu-ms authored and mkarmark committed Jul 20, 2021
1 parent 9e59f42 commit efb6376
Show file tree
Hide file tree
Showing 2 changed files with 171 additions and 3 deletions.
157 changes: 155 additions & 2 deletions ...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7718,6 +7718,111 @@
"type": "object",
"x-ms-discriminator-value": "Fusion"
},
"ThreatIntelligenceAlertRule": {
"allOf": [
{
"$ref": "#/definitions/AlertRule"
}
],
"description": "Represents Threat Intelligence alert rule.",
"properties": {
"properties": {
"$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties",
"description": "Threat Intelligence alert rule properties",
"x-ms-client-flatten": true
}
},
"type": "object",
"x-ms-discriminator-value": "ThreatIntelligence"
},
"ThreatIntelligenceAlertRuleProperties": {
"description": "Threat Intelligence alert rule base property bag.",
"properties": {
"alertRuleTemplateName": {
"description": "The Name of the alert rule template used to create this rule.",
"type": "string"
},
"description": {
"description": "The description of the alert rule.",
"readOnly": true,
"type": "string"
},
"displayName": {
"description": "The display name for alerts created by this alert rule.",
"readOnly": true,
"type": "string"
},
"enabled": {
"description": "Determines whether this alert rule is enabled or disabled.",
"type": "boolean"
},
"lastModifiedUtc": {
"description": "The last time that this alert has been modified.",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"severity": {
"$ref": "#/definitions/AlertSeverity",
"description": "The severity for alerts created by this alert rule.",
"readOnly": true
},
"tactics": {
"description": "The tactics of the alert rule",
"items": {
"$ref": "#/definitions/AttackTactic"
},
"readOnly": true,
"type": "array"
}
},
"required": [
"alertRuleTemplateName",
"enabled"
],
"type": "object"
},
"ThreatIntelligenceAlertRuleTemplate": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplate"
}
],
"description": "Represents Threat Intelligence alert rule template.",
"properties": {
"properties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
}
],
"description": "Threat Intelligence alert rule template properties",
"properties": {
"severity": {
"$ref": "#/definitions/AlertSeverity",
"description": "The severity for alerts created by this alert rule."
},
"tactics": {
"description": "The tactics of the alert rule template",
"items": {
"$ref": "#/definitions/AttackTactic"
},
"type": "array"
}
},
"required": [
"displayName",
"description",
"status",
"severity",
"alertRulesCreatedByTemplateCount"
],
"x-ms-client-flatten": true
}
},
"type": "object",
"x-ms-discriminator-value": "ThreatIntelligence"
},
"GeoLocation": {
"description": "The geo-location context attached to the ip entity",
"properties": {
Expand Down Expand Up @@ -11584,6 +11689,14 @@
},
"type": "array"
},
"parsedPattern": {
"description": "Parsed patterns",
"items": {
"description": "Parsed pattern",
"$ref": "#/definitions/ThreatIntelligenceParsedPattern"
},
"type": "array"
},
"externalId": {
"description": "External ID of threat intelligence entity",
"type": "string"
Expand Down Expand Up @@ -11625,6 +11738,10 @@
},
"type": "array"
},
"language": {
"description": "Language of threat intelligence entity",
"type": "string"
},
"threatTypes": {
"description": "Threat types",
"items": {
Expand All @@ -11648,6 +11765,11 @@
"modified": {
"description": "Modified by",
"type": "string"
},
"extensions": {
"description": "Extensions map",
"type": "object",
"additionalProperties": {}
}
},
"type": "object"
Expand All @@ -11661,8 +11783,39 @@
},
"phaseName": {
"description": "Phase name",
"type": "integer",
"format": "int32"
"type": "string"
}
},
"type": "object"
},
"ThreatIntelligenceParsedPattern": {
"description": "Describes parsed pattern entity",
"properties": {
"patternTypeKey": {
"description": "Pattern type key",
"type": "string"
},
"patternTypeValues": {
"description": "Pattern type keys",
"items": {
"description": "Pattern type key",
"$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue"
},
"type": "array"
}
},
"type": "object"
},
"ThreatIntelligenceParsedPatternTypeValue": {
"description": "Describes threat kill chain phase entity",
"properties": {
"valueType": {
"description": "Type of the value",
"type": "string"
},
"value": {
"description": "Value of parsed pattern",
"type": "string"
}
},
"type": "object"
Expand Down
17 changes: 16 additions & 1 deletion ...ights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,22 @@
"killChainPhases": [],
"pattern": "[url:value = 'https://www.contoso.com']",
"patternType": "url",
"validFrom": "2020-04-15T17:44:00.114052Z"
"validFrom": "2020-04-15T17:44:00.114052Z",
"parsedPattern": [
{
"patternTypeKey": "network-traffic",
"patternTypeValues": [
{
"valueType": "0",
"value": "SSH-2.0-PuTTY_Release_0.64"
},
{
"valueType": "1",
"value": "194.88.106.146"
}
]
}
]
}
},
{
Expand Down

0 comments on commit efb6376

Please sign in to comment.