[Hub Generated] Review request for Microsoft.SecurityInsights to add version preview/2021-10-01-preview (#17837)

laithhisham · web-flow · commit 3a1da75f85a7 · 2022-02-21T08:52:53.000+08:00
* extract MicrosoftSecurityProductName to enum

* extract AlertRuleTemplateStatus to enum

* define FusionAlertRuleTemplateProperties

* add back nested properties

* add flatten to mitre and fusion properties objects

* change position of required

* define MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

* align required + add flatten

* fix AlertSeverity ref

* align type to avoid breaking change

* add type for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json
@@ -705,35 +705,39 @@
           "type": "array"
         },
         "status": {
-          "description": "The alert rule template status.",
-          "enum": [
-            "Installed",
-            "Available",
-            "NotAvailable"
-          ],
-          "type": "string",
-          "x-ms-enum": {
-            "modelAsString": true,
-            "name": "TemplateStatus",
-            "values": [
-              {
-                "description": "Alert rule template installed. and can not use more then once",
-                "value": "Installed"
-              },
-              {
-                "description": "Alert rule template is available.",
-                "value": "Available"
-              },
-              {
-                "description": "Alert rule template is not available",
-                "value": "NotAvailable"
-              }
-            ]
-          }
+          "$ref": "#/definitions/AlertRuleTemplateStatus",
+          "description": "The alert rule template status."
         }
       },
       "type": "object"
     },
+    "AlertRuleTemplateStatus": {
+      "description": "The alert rule template status.",
+      "enum": [
+        "Installed",
+        "Available",
+        "NotAvailable"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "TemplateStatus",
+        "values": [
+          {
+            "description": "Alert rule template installed. and can not use more then once",
+            "value": "Installed"
+          },
+          {
+            "description": "Alert rule template is available.",
+            "value": "Available"
+          },
+          {
+            "description": "Alert rule template is not available",
+            "value": "NotAvailable"
+          }
+        ]
+      }
+    },
     "AlertRuleTemplateWithMitreProperties": {
       "allOf": [
         {
@@ -1164,26 +1168,8 @@
       "description": "Represents Fusion alert rule template.",
       "properties": {
         "properties": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
-            }
-          ],
+          "$ref": "#/definitions/FusionAlertRuleTemplateProperties",
           "description": "Fusion alert rule template properties",
-          "properties": {
-            "severity": {
-              "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
-              "description": "The severity for alerts created by this alert rule."
-            },
-            "sourceSettings": {
-              "description": "All supported source signal configurations consumed in fusion detection.",
-              "items": {
-                "$ref": "#/definitions/FusionTemplateSourceSetting"
-              },
-              "x-ms-identifiers": [],
-              "type": "array"
-            }
-          },
           "required": [
             "displayName",
             "description",
@@ -1192,13 +1178,36 @@
             "sourceSettings",
             "alertRulesCreatedByTemplateCount"
           ],
-          "type": "object",
           "x-ms-client-flatten": true
         }
       },
       "type": "object",
       "x-ms-discriminator-value": "Fusion"
     },
+    "FusionAlertRuleTemplateProperties": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
+        }
+      ],
+      "description": "Fusion alert rule template properties",
+      "properties": {
+        "severity": {
+          "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+          "description": "The severity for alerts created by this alert rule."
+        },
+        "sourceSettings": {
+          "description": "All supported source signal configurations consumed in fusion detection.",
+          "items": {
+            "$ref": "#/definitions/FusionTemplateSourceSetting"
+          },
+          "x-ms-identifiers": [],
+          "type": "array"
+        }
+      },
+      "type": "object",
+      "x-ms-client-flatten": true
+    },
     "FusionTemplateSourceSetting": {
       "description": "Represents a source signal consumed in Fusion detection.",
       "properties": {
@@ -1407,21 +1416,8 @@
           "type": "array"
         },
         "productFilter": {
-          "description": "The alerts' productName on which the cases will be generated",
-          "enum": [
-            "Microsoft Cloud App Security",
-            "Azure Security Center",
-            "Azure Advanced Threat Protection",
-            "Azure Active Directory Identity Protection",
-            "Azure Security Center for IoT",
-            "Office 365 Advanced Threat Protection",
-            "Microsoft Defender Advanced Threat Protection"
-          ],
-          "type": "string",
-          "x-ms-enum": {
-            "modelAsString": true,
-            "name": "MicrosoftSecurityProductName"
-          }
+          "$ref": "#/definitions/MicrosoftSecurityProductName",
+          "description": "The alerts' productName on which the cases will be generated"
         },
         "severitiesFilter": {
           "description": "the alerts' severities on which the cases will be generated",
@@ -1436,6 +1432,23 @@
       ],
       "type": "object"
     },
+    "MicrosoftSecurityProductName": {
+      "description": "The alerts' productName on which the cases will be generated",
+      "enum": [
+        "Microsoft Cloud App Security",
+        "Azure Security Center",
+        "Azure Advanced Threat Protection",
+        "Azure Active Directory Identity Protection",
+        "Azure Security Center for IoT",
+        "Office 365 Advanced Threat Protection",
+        "Microsoft Defender Advanced Threat Protection"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "MicrosoftSecurityProductName"
+      }
+    },
     "MicrosoftSecurityIncidentCreationAlertRuleProperties": {
       "allOf": [
         {
@@ -1483,14 +1496,7 @@
       "description": "Represents MicrosoftSecurityIncidentCreation rule template.",
       "properties": {
         "properties": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
-            },
-            {
-              "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties"
-            }
-          ],
+          "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties",
           "description": "MicrosoftSecurityIncidentCreation rule template properties",
           "required": [
             "displayName",
@@ -1506,6 +1512,43 @@
       "type": "object",
       "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation"
     },
+    "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
+        }
+      ],
+      "description": "MicrosoftSecurityIncidentCreation rule template properties",
+      "properties": {
+        "displayNamesFilter": {
+          "description": "the alerts' displayNames on which the cases will be generated",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "displayNamesExcludeFilter": {
+          "description": "the alerts' displayNames on which the cases will not be generated",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "productFilter": {
+          "$ref": "#/definitions/MicrosoftSecurityProductName",
+          "description": "The alerts' productName on which the cases will be generated"
+        },
+        "severitiesFilter": {
+          "description": "the alerts' severities on which the cases will be generated",
+          "items": {
+            "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
+          },
+          "type": "array"
+        }
+      },
+      "type": "object",
+      "x-ms-client-flatten": true
+    },
     "QueryBasedAlertRuleProperties": {
       "description": "Query based alert rule base property bag.",
       "properties": {
