From 636132d71ed892502d95b015745d88741b0e6eff Mon Sep 17 00:00:00 2001
From: Moran Raz Mizrahi
Date: Sun, 4 Jul 2021 19:00:39 +0300
Subject: [PATCH 1/9] AlertRules
---
.../stable/2020-01-01/AlertRules.json | 804 ++++++++++++++++++
1 file changed, 804 insertions(+)
create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
new file mode 100644
index 000000000000..b3308cc626bf
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
@@ -0,0 +1,804 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } 
+ }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + 
"description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + 
{ + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string" + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/Resource" + } + ], + "description": "Action for alert rule.", + "properties": { + "etag": { + "description": "Etag of the action.", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true 
+ } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "AlertRule": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "The alert rule kind" + } + }, + "type": "object" + }, + "AlertRuleKind": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "The alert rule kind", + "type": "string" + } + }, + "type": "object" + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + 
"type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "description": "An error response for a resource management request." + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. 
The name is case insensitive.",
+ "in": "path",
+ "maxLength": 90,
+ "minLength": 1,
+ "name": "resourceGroupName",
+ "pattern": "^[-\\w\\._\\(\\)]+$",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "RuleId": {
+ "description": "Alert rule ID",
+ "in": "path",
+ "name": "ruleId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "SubscriptionId": {
+ "description": "Azure subscription ID",
+ "in": "path",
+ "name": "subscriptionId",
+ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
+ "required": true,
+ "type": "string"
+ }
+ }
+}
From 6e805c4c7415a0c36dca65420d6de0c13a772263 Mon Sep 17 00:00:00 2001
From: Moran Raz Mizrahi
Date: Sun, 4 Jul 2021 20:23:22 +0300
Subject: [PATCH 2/9] bookmarks
---
.../stable/2020-01-01/Bookmarks.json | 489 ++++++++++++++++++
1 file changed, 489 insertions(+)
create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
new file mode 100644
index 000000000000..c57e2ae874eb
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
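Review bot: `ActionRequestProperties.triggerUri` in AlertRules.json is declared as a plain `"type": "string"`, although its description says it is the Logic App callback URL, and such URLs normally carry an access signature in the query string. Marking the property `"x-ms-secret": true` (and `"format": "uri"`) would tell generated clients and tooling not to echo or log it; the response model already leaves it out in favour of `workflowId`, which is the right shape. The path parameters `RuleId`, `ActionId` and `AlertRuleTemplateId` have no `pattern` or length bound, unlike `ResourceGroupName` and `SubscriptionId`, so a constraint on them would be worth adding. Separately, `info.version` is `2021-04-01` while the file is created under `stable/2020-01-01`; the two should agree.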
@@ -0,0 +1,489 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of cases.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of 
the bookmark", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "description": "An error response for a resource management request." 
+ }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "objectId" + ], + "type": "object" + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": 
"#/definitions/AlertRule"
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "AlertRuleTemplateId": {
+ "description": "Alert rule template ID",
+ "in": "path",
+ "name": "alertRuleTemplateId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "ResourceGroupName": {
+ "description": "The name of the resource group within the user's subscription. The name is case insensitive.",
+ "in": "path",
+ "maxLength": 90,
+ "minLength": 1,
+ "name": "resourceGroupName",
+ "pattern": "^[-\\w\\._\\(\\)]+$",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "RuleId": {
+ "description": "Alert rule ID",
+ "in": "path",
+ "name": "ruleId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "SubscriptionId": {
+ "description": "Azure subscription ID",
+ "in": "path",
+ "name": "subscriptionId",
+ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
+ "required": true,
+ "type": "string"
+ }
+ }
+}
From 7645b90a872ce3e80b7fcc6fb5586e5bd41547d0 Mon Sep 17 00:00:00 2001
From: Moran Raz Mizrahi
Date: Sun, 4 Jul 2021 21:30:40 +0300
Subject: [PATCH 3/9] dataConnectors
---
.../stable/2020-01-01/Bookmarks.json | 50 +-
.../stable/2020-01-01/DataConnectors.json | 391 +++++
.../stable/2020-01-01/SecurityInsights.json | 1365 +----------------
3 files changed, 448 insertions(+), 1358 deletions(-)
create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
index c57e2ae874eb..b1dcea38fe71 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
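Review bot: Bookmarks.json as added here is not valid JSON: the last entry of `"paths"` is closed with `},` immediately before the `},` that closes `paths` itself, and a strict parser rejects that trailing comma, so the line should be a bare `}`. The file also does not resolve on its own: `BookmarkProperties.labels` points at `#/definitions/Label`, and the copied `Action` and `AlertRule` parameters point at `#/definitions/ActionRequest` and `#/definitions/AlertRule`, none of which are defined in this file. The PUT and DELETE operations reference `#/parameters/ApiVersion`, `#/parameters/WorkspaceName`, `#/parameters/BookmarkId` and `#/parameters/Bookmark`, which the `parameters` block in this commit does not contain. A spec that fails to parse or resolve cannot be linted or used to generate request validation, so each commit in the series should leave the file loadable. `BookmarkList.nextLink` also still says "next set of cases".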
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -422,38 +422,20 @@ } }, "parameters": { - "Action": { - "description": "The action", - "in": "body", - "name": "action", - "required": true, - "schema": { - "$ref": "#/definitions/ActionRequest" - }, - "x-ms-parameter-location": "method" - }, - "ActionId": { - "description": "Action ID", - "in": "path", - "name": "actionId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "AlertRule": { - "description": "The alert rule", + "Bookmark": { + "description": "The bookmark", "in": "body", - "name": "alertRule", + "name": "bookmark", "required": true, "schema": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/Bookmark" }, "x-ms-parameter-location": "method" }, - "AlertRuleTemplateId": { - "description": "Alert rule template ID", + "BookmarkId": { + "description": "Bookmark ID", "in": "path", - "name": "alertRuleTemplateId", + "name": "bookmarkId", "required": true, "type": "string", "x-ms-parameter-location": "method" @@ -469,14 +451,6 @@ "type": "string", "x-ms-parameter-location": "method" }, - "RuleId": { - "description": "Alert rule ID", - "in": "path", - "name": "ruleId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "SubscriptionId": { "description": "Azure subscription ID", "in": "path", @@ -484,6 +458,16 @@ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "required": true, "type": "string" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" } } } 
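Review bot: The rewritten `parameters` block adds `Bookmark`, `BookmarkId` and `WorkspaceName` but still has no `ApiVersion` entry, so the `#/parameters/ApiVersion` references used by the bookmark PUT and DELETE operations (outside these hunks) appear to remain unresolved. Those operations could use the shared reference the GET operations already use, `"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"`. The new local `WorkspaceName` duplicates the common `../../../common/1.0/types.json#/parameters/WorkspaceName` that the GET operations reference and carries only length bounds, no `pattern`; pointing every operation at the shared definition keeps the validation for this path segment in one place. `BookmarkId` likewise has no `pattern` or length bound.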
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
new file mode 100644
index 000000000000..8c6cf2f31f75
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
@@ -0,0 +1,391 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a MCAS data connector.": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector.": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AAD data connector.": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector.": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + 
"Creates or updates an Office365 data connector.": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector.": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + 
"description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "description": "An error response for a resource management request." + }, + "DataConnector": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Data connector.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "The data connector kind" + } + }, + "type": "object" + }, + "DataConnectorKind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "Office365", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "Office365" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + } + ] + } + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": 
"#/definitions/DataConnector" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json index 9285c576a626..b66a0a3dbbe3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json 
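Review bot: The four operations in the new DataConnectors.json resolve `workspaceName` through two different definitions: `DataConnectors_List` and `DataConnectors_Get` reference `../../../common/1.0/types.json#/parameters/WorkspaceName`, while `DataConnectors_CreateOrUpdate` and `DataConnectors_Delete` reference the local `#/parameters/WorkspaceName`. If the two definitions differ in their constraints, the write operations validate that path segment differently from the reads, so use one reference on all four, e.g. `"$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName"`, and remove the local copy if nothing else needs it. Separately, `info.version` is `"2021-04-01"` although the file is created under `stable/2020-01-01`; it presumably should read `"version": "2020-01-01"`. `DataConnectorId` is also an unconstrained path string, so a `pattern` or length bound is worth adding if the service defines one.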
@@ -65,884 +65,6 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { - "get": { - "x-ms-examples": { - "Get all alert rules.": { - "$ref": "./examples/alertRules/GetAllAlertRules.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets all alert rules.", - "operationId": "AlertRules_List", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRulesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { - "get": { - "x-ms-examples": { - "Get a Scheduled alert rule.": { - "$ref": "./examples/alertRules/GetScheduledAlertRule.json" - }, - "Get a Fusion alert rule.": { - "$ref": "./examples/alertRules/GetFusionAlertRule.json" - }, - "Get a MicrosoftSecurityIncidentCreation rule.": { - "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets the alert rule.", - "operationId": "AlertRules_Get", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - 
"description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a Scheduled alert rule.": { - "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" - }, - "Creates or updates a Fusion alert rule.": { - "$ref": "./examples/alertRules/CreateFusionAlertRule.json" - }, - "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { - "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Creates or updates the alert rule.", - "operationId": "AlertRules_CreateOrUpdate", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/AlertRule" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an alert rule.": { - "$ref": "./examples/alertRules/DeleteAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Delete the alert rule.", - "operationId": "AlertRules_Delete", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": 
"#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { - "get": { - "x-ms-examples": { - "Get all actions of alert rule.": { - "$ref": "./examples/actions/GetAllActionsByAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Gets all actions of alert rule.", - "operationId": "Actions_ListByAlertRule", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionsList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { - "get": { - "x-ms-examples": { - "Get an action of alert rule.": { - "$ref": "./examples/actions/GetActionOfAlertRuleById.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Gets the action of alert rule.", - "operationId": "Actions_Get", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - 
"$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an action of alert rule.": { - "$ref": "./examples/actions/CreateActionOfAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Creates or updates the action of alert rule.", - "operationId": "Actions_CreateOrUpdate", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - }, - { - "$ref": "#/parameters/Action" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an action of alert rule.": { - "$ref": "./examples/actions/DeleteActionOfAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Delete the action of alert rule.", - "operationId": "Actions_Delete", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { 
- "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { - "get": { - "x-ms-examples": { - "Get all alert rule templates.": { - "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" - } - }, - "tags": [ - "Alert Rule Templates" - ], - "description": "Gets all alert rule templates.", - "operationId": "AlertRuleTemplates_List", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRuleTemplatesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { - "get": { - "x-ms-examples": { - "Get alert rule template by Id.": { - "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" - } - }, - "tags": [ - "Alert Rule Templates" - ], - "description": "Gets the alert rule template.", - "operationId": "AlertRuleTemplates_Get", - "parameters": [ - { - "$ref": 
"#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/AlertRuleTemplateId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRuleTemplate" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { - "get": { - "x-ms-examples": { - "Get all bookmarks.": { - "$ref": "./examples/bookmarks/GetBookmarks.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Gets all bookmarks.", - "operationId": "Bookmarks_List", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/BookmarkList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { - "get": { - "x-ms-examples": { - "Get a bookmark.": { - "$ref": "./examples/bookmarks/GetBookmarkById.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Gets a bookmark.", - "operationId": "Bookmarks_Get", - "parameters": [ - { - "$ref": 
"#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a bookmark.": { - "$ref": "./examples/bookmarks/CreateBookmark.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Creates or updates the bookmark.", - "operationId": "Bookmarks_CreateOrUpdate", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - }, - { - "$ref": "#/parameters/Bookmark" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a bookmark.": { - "$ref": "./examples/bookmarks/DeleteBookmark.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Delete the bookmark.", - "operationId": "Bookmarks_Delete", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - } - ], - "responses": { - 
"200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { - "get": { - "x-ms-examples": { - "Get all data connectors.": { - "$ref": "./examples/dataConnectors/GetDataConnectors.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Gets all data connectors.", - "operationId": "DataConnectors_List", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnectorList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { - "get": { - "x-ms-examples": { - "Get an Office365 data connector.": { - "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" - }, - "Get a TI data connector.": { - "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" - }, - "Get a MCAS data connector.": { - "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" - }, - "Get a ASC data connector.": { - "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" - }, - "Get 
an AAD data connector.": { - "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" - }, - "Get an AwsCloudTrail data connector.": { - "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" - }, - "Get an AATP data connector.": { - "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" - }, - "Get a MDATP data connector": { - "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Gets a data connector.", - "operationId": "DataConnectors_Get", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an Office365 data connector.": { - "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" - }, - "Creates or updates an Threat Intelligence Platform data connector.": { - "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Creates or updates the data connector.", - "operationId": "DataConnectors_CreateOrUpdate", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - }, - { - "$ref": "#/parameters/DataConnector" - } - ], - "responses": { - "200": { - 
"description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an Office365 data connector.": { - "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Delete the data connector.", - "operationId": "DataConnectors_Delete", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - } - }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { "get": { "x-ms-examples": { 
@@ -1415,240 +537,79 @@ "properties": { "logicAppResourceId": { "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", - "type": "string" - } - }, - "required": [ - "logicAppResourceId" - ], - "type": "object" - }, - "ActionRequestProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "triggerUri": { - "description": "Logic App Callback URL for this specific workflow.", - "type": "string" - } - }, - "required": [ - "triggerUri" - ], - "type": "object" - }, - "ActionResponse": { - "allOf": [ - { - "$ref": "#/definitions/Resource" - } - ], - "description": "Action for alert rule.", - "properties": { - "etag": { - "description": "Etag of the action.", - "type": "string" - }, - "properties": { - "$ref": "#/definitions/ActionResponseProperties", - "description": "Action properties for get request", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "ActionResponseProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "workflowId": { - "description": "The name of the logic app's workflow.", - "type": "string" - } - }, - "type": "object" - }, - "ActionsList": { - "description": "List all the actions.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of actions.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of actions.", - "items": { - "$ref": "#/definitions/ActionResponse" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, - "AlertRule": { - "allOf": [ - { - "$ref": "#/definitions/ResourceWithEtag" - } - ], - "description": "Alert rule.", - "discriminator": "kind", - "required": [ - "kind" - ], - "properties": { - "kind": { - "$ref": "#/definitions/AlertRuleKind", - "description": "The 
alert rule kind" + "type": "string" } }, - "type": "object" - }, - "AlertRuleKind": { - "description": "The kind of the alert rule", - "enum": [ - "Scheduled", - "MicrosoftSecurityIncidentCreation", - "Fusion" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertRuleKind", - "values": [ - { - "value": "Scheduled" - }, - { - "value": "MicrosoftSecurityIncidentCreation" - }, - { - "value": "Fusion" - } - ] - } - }, - "AlertRuleTemplateStatus": { - "description": "The alert rule template status.", - "enum": [ - "Installed", - "Available", - "NotAvailable" + "required": [ + "logicAppResourceId" ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "TemplateStatus", - "values": [ - { - "description": "Alert rule template installed. and can not use more then once", - "value": "Installed" - }, - { - "description": "Alert rule template is available.", - "value": "Available" - }, - { - "description": "Alert rule template is not available", - "value": "NotAvailable" - } - ] - } + "type": "object" }, - "AlertRuleTemplate": { + "ActionRequestProperties": { "allOf": [ { - "$ref": "#/definitions/Resource" + "$ref": "#/definitions/ActionPropertiesBase" } ], - "description": "Alert rule template.", - "discriminator": "kind", - "required": [ - "kind" - ], + "description": "Action property bag.", "properties": { - "kind": { - "$ref": "#/definitions/AlertRuleKind", - "description": "The alert rule kind", + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", "type": "string" } }, + "required": [ + "triggerUri" + ], "type": "object" }, - "AlertRuleTemplateDataSource": { - "description": "alert rule template data sources", + "ActionResponse": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "Action for alert rule.", "properties": { - "connectorId": { - "description": "The connector id that provides the following data types", + "etag": { + "description": "Etag of the 
action.", "type": "string" }, - "dataTypes": { - "description": "The data types used by the alert rule template", - "items": { - "type": "string" - }, - "type": "array" + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true } }, "type": "object" }, - "AlertRuleTemplatesList": { - "description": "List all the alert rule templates.", + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", "properties": { - "nextLink": { - "description": "URL to fetch the next set of alert rule templates.", - "readOnly": true, + "workflowId": { + "description": "The name of the logic app's workflow.", "type": "string" - }, - "value": { - "description": "Array of alert rule templates.", - "items": { - "$ref": "#/definitions/AlertRuleTemplate" - }, - "type": "array" } }, - "required": [ - "value" - ] - }, - "AlertRuleTriggerOperator": { - "description": "The operation against the threshold that triggers alert rule.", - "enum": [ - "GreaterThan", - "LessThan", - "Equal", - "NotEqual" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "TriggerOperator" - } + "type": "object" }, - "AlertRulesList": { - "description": "List all the alert rules.", + "ActionsList": { + "description": "List all the actions.", "properties": { "nextLink": { - "description": "URL to fetch the next set of alert rules.", + "description": "URL to fetch the next set of actions.", "readOnly": true, "type": "string" }, "value": { - "description": "Array of alert rules.", + "description": "Array of actions.", "items": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/ActionResponse" }, "type": "array" } 
@@ -1783,115 +744,6 @@ }, "type": "object" }, - "Bookmark": { - "allOf": [ - { - "$ref": "#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a bookmark in Azure Security Insights.", - "properties": { - "properties": { - "$ref": "#/definitions/BookmarkProperties", - "description": "Bookmark properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "BookmarkList": { - "description": "List all the bookmarks.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of cases.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of bookmarks.", - "items": { - "$ref": "#/definitions/Bookmark" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, - "BookmarkProperties": { - "description": "Describes bookmark properties", - "properties": { - "created": { - "description": "The time the bookmark was created", - "format": "date-time", - "type": "string" - }, - "createdBy": { - "$ref": "#/definitions/UserInfo", - "description": "Describes a user that created the bookmark", - "type": "object" - }, - "displayName": { - "description": "The display name of the bookmark", - "type": "string" - }, - "labels": { - "description": "List of labels relevant to this bookmark", - "items": { - "$ref": "#/definitions/Label" - }, - "type": "array" - }, - "notes": { - "description": "The notes of the bookmark", - "type": "string" - }, - "query": { - "description": "The query of the bookmark.", - "type": "string" - }, - "queryResult": { - "description": "The query result of the bookmark.", - "type": "string" - }, - "updated": { - "description": "The last time the bookmark was updated", - "format": "date-time", - "type": "string" - }, - "updatedBy": { - "$ref": "#/definitions/UserInfo", - "description": "Describes a user that updated the bookmark", - "type": "object" - }, - "eventTime": { - "description": "The bookmark event time", - "format": "date-time", - "type": "string" - }, - 
"queryStartTime": { - "description": "The start time for the query", - "format": "date-time", - "type": "string" - }, - "queryEndTime": { - "description": "The end time for the query", - "format": "date-time", - "type": "string" - }, - "incidentInfo": { - "$ref": "#/definitions/IncidentInfo", - "description": "Describes an incident that relates to bookmark", - "type": "object" - } - }, - "required": [ - "displayName", - "query" - ], - "type": "object" - }, "ClientInfo": { "description": "Information on the client (user or application) that made some action", "properties": { @@ -1925,25 +777,6 @@ }, "description": "An error response for a resource management request." }, - "DataConnector": { - "allOf": [ - { - "$ref": "#/definitions/ResourceWithEtag" - } - ], - "description": "Data connector.", - "discriminator": "kind", - "required": [ - "kind" - ], - "properties": { - "kind": { - "$ref": "#/definitions/DataConnectorKind", - "description": "The data connector kind" - } - }, - "type": "object" - }, "DataConnectorDataTypeCommon": { "description": "Common field for data type in data connectors.", "properties": { 
@@ -1962,70 +795,6 @@ }, "type": "object" }, - "DataConnectorKind": { - "description": "The kind of the data connector", - "enum": [ - "AzureActiveDirectory", - "AzureSecurityCenter", - "MicrosoftCloudAppSecurity", - "ThreatIntelligence", - "Office365", - "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", - "MicrosoftDefenderAdvancedThreatProtection" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DataConnectorKind", - "values": [ - { - "value": "AzureActiveDirectory" - }, - { - "value": "AzureSecurityCenter" - }, - { - "value": "MicrosoftCloudAppSecurity" - }, - { - "value": "ThreatIntelligence" - }, - { - "value": "Office365" - }, - { - "value": "AmazonWebServicesCloudTrail" - }, - { - "value": "AzureAdvancedThreatProtection" - }, - { - "value": "MicrosoftDefenderAdvancedThreatProtection" - } - ] - } - }, - "DataConnectorList": { - "description": "List all the data connectors.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of data connectors.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of data connectors.", - "items": { - "$ref": "#/definitions/DataConnector" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, "DataConnectorTenantId": { "description": "Properties data connector on tenant level.", "properties": { @@ -3583,24 +2352,6 @@ "type": "string", "x-ms-parameter-location": "method" }, - "AlertRule": { - "description": "The alert rule", - "in": "body", - "name": "alertRule", - "required": true, - "schema": { - "$ref": "#/definitions/AlertRule" - }, - "x-ms-parameter-location": "method" - }, - "AlertRuleTemplateId": { - "description": "Alert rule template ID", - "in": "path", - "name": "alertRuleTemplateId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "ApiVersion": { "description": "API version for the operation", "enum": [ 
@@ -3611,24 +2362,6 @@ "required": true, "type": "string" }, - "Bookmark": { - "description": "The bookmark", - "in": "body", - "name": "bookmark", - "required": true, - "schema": { - "$ref": "#/definitions/Bookmark" - }, - "x-ms-parameter-location": "method" - }, - "BookmarkId": { - "description": "Bookmark ID", - "in": "path", - "name": "bookmarkId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "ConsentId": { "description": "consent ID", "in": "path", @@ -3637,24 +2370,6 @@ "type": "string", "x-ms-parameter-location": "method" }, - "DataConnector": { - "description": "The data connector", - "in": "body", - "name": "dataConnector", - "required": true, - "schema": { - "$ref": "#/definitions/DataConnector" - }, - "x-ms-parameter-location": "method" - }, - "DataConnectorId": { - "description": "Connector ID", - "in": "path", - "name": "dataConnectorId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "EntityId": { "description": "entity ID", "in": "path", From 14f816f9c80b197a5713e5634daf299db642a513 Mon Sep 17 00:00:00 2001 From: Moran Raz Mizrahi Date: Sun, 4 Jul 2021 22:15:14 +0300 Subject: [PATCH 4/9] add missing definitions --- .../stable/2020-01-01/AlertRules.json | 653 +++++++++ .../stable/2020-01-01/Bookmarks.json | 2 +- .../stable/2020-01-01/DataConnectors.json | 386 ++++++ .../stable/2020-01-01/SecurityInsights.json | 1201 +---------------- .../resource-manager/readme.md | 4 + 5 files changed, 1090 insertions(+), 1156 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json index b3308cc626bf..0ee1505d33b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json @@ -685,6 +685,64 @@ }, "type": "object" }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplateStatus": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, "AlertRulesList": { "description": "List all the alert rules.", "properties": { 
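Review bot: The `Installed` value description in `AlertRuleTemplateStatus` reads "Alert rule template installed. and can not use more then once", which is garbled and will be copied verbatim into generated SDK documentation. Presumably the intent is `"description": "Alert rule template is installed and cannot be used more than once."`. Separately, `AlertRuleTriggerOperator` is the only enum in this hunk declared with `"modelAsString": false`. If that is deliberate, it is worth confirming that generated clients handle the closed enum as intended should the service ever return an operator outside the four listed values.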
@@ -725,6 +783,60 @@ "value" ] }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, "CloudError": { "x-ms-external": true, "properties": { 
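Review bot: The `description` on `AttackTactic` is "The severity for alerts created by this alert rule.", which looks copied from a severity field and does not describe the tactic enum underneath it (`InitialAccess` … `Impact`). Anyone mapping rule coverage to tactics from the generated docs will be misled, so something like `"description": "The attack tactic associated with the alert rule."` fits better. Unlike `AlertSeverity` just above, the `x-ms-enum` block for `AttackTactic` has no `values` list, so the individual tactics get no per-value documentation either.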
@@ -734,6 +846,547 @@ } }, "description": "An error response for a resource management request." + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "required": [ + 
"displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "description": "Represents Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." 
+ }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": 
"string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + 
}, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityProductName": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Schedule alert rule 
template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": 
"Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object" + }, + "ScheduledAlertRuleTemplateProperties": { + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for 
alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" } }, "parameters": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json index b1dcea38fe71..12b93feaaa37 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -218,7 +218,7 @@ } } } - }, + } }, "definitions": { "Bookmark": { 
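Review bot: In AlertRules.json, the `required` arrays in `FusionAlertRuleTemplate`, `MicrosoftSecurityIncidentCreationAlertRuleTemplate` and `ScheduledAlertRuleTemplate` are siblings of a `$ref` inside `properties.properties`. Under Swagger 2.0 / JSON Reference rules, siblings of `$ref` are ignored by conforming validators, and the referenced `*TemplateProperties` definitions declare no `required` list of their own (only `productFilter` in the MicrosoftSecurityIncidentCreation case). The listed fields are therefore probably not enforced anywhere. Moving each list into its referenced definition would make the constraint effective, e.g. adding `"required": ["displayName", "description", "status", "severity", "alertRulesCreatedByTemplateCount"]` to `FusionAlertRuleTemplateProperties`. The MicrosoftSecurityIncidentCreation list also names `createdDateUTC`, which its properties definition marks `readOnly`, so a required read-only field would need a second look when the list is moved. The same sibling pattern appears on the `status` properties (`$ref` next to `"type": "string"`).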
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json index 8c6cf2f31f75..05517365c009 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json 
@@ -245,6 +245,157 @@ } }, "definitions": { + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AAD (Azure Active Directory) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AAD (Azure Active Directory) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "description": "AAD (Azure Active Directory) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." 
+ } + }, + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnectorProperties": { + 
"description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, "CloudError": { "x-ms-external": true, "properties": { 
@@ -337,6 +488,241 @@
 "required": [
 "value"
 ]
+ },
+ "DataConnectorDataTypeCommon": {
+ "description": "Common field for data type in data connectors.",
+ "properties": {
+ "state": {
+ "description": "Describe whether this data type connection is enabled or not.",
+ "enum": [
+ "Enabled",
+ "Disabled"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "DataTypeState"
+ }
+ }
+ },
+ "type": "object"
+ },
+ "DataConnectorTenantId": {
+ "description": "Properties data connector on tenant level.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "DataConnectorWithAlertsProperties": {
+ "description": "Data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/AlertsDataTypeOfDataConnector",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
+ },
+ "MCASDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents MCAS (Microsoft Cloud App Security) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MCASDataConnectorProperties",
+ "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftCloudAppSecurity"
+ },
+ "MCASDataConnectorDataTypes": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertsDataTypeOfDataConnector"
+ }
+ ],
+ "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.",
+ "properties": {
+ "alerts": {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon",
+ "description": "Alerts data type connection."
+ },
+ "discoveryLogs": {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon",
+ "description": "Discovery log data type connection."
+ }
+ },
+ "type": "object"
+ },
+ "MCASDataConnectorProperties": {
+ "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/MCASDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
+ },
+ "MDATPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MDATPDataConnectorProperties",
+ "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection"
+ },
+ "MDATPDataConnectorProperties": {
+ "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/AlertsDataTypeOfDataConnector",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
+ },
+ "TIDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents threat intelligence data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/TIDataConnectorProperties",
+ "description": "TI (Threat Intelligence) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligence"
+ },
+ "TIDataConnectorDataTypes": {
+ "description": "The available data types for TI (Threat Intelligence) data connector.",
+ "properties": {
+ "indicators": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Data type for indicators connection.",
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "TIDataConnectorProperties": {
+ "description": "TI (Threat Intelligence) data connector properties.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ },
+ "tipLookbackPeriod": {
+ "description": "The lookback period for the feed to be imported.",
+ "format": "date-time",
+ "type": "string",
+ "x-nullable": true
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/TIDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
+ },
+ "OfficeDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents office data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficeDataConnectorProperties",
+ "description": "Office data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Office365"
+ },
+ "OfficeDataConnectorDataTypes": {
+ "description": "The available data types for office data connector.",
+ "properties": {
+ "exchange": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Exchange data type connection.",
+ "type": "object"
+ },
+ "sharePoint": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "SharePoint data type connection.",
+ "type": "object"
+ },
+ "teams": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Teams data type connection.",
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "OfficeDataConnectorProperties": {
+ "description": "Office data connector properties.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/OfficeDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
 }
 },
 "parameters": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json
index b66a0a3dbbe3..0e9c38ed2b5e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json
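Review bot: `tenantId` is declared inline as an optional, unconstrained string in each of `MCASDataConnectorProperties`, `MDATPDataConnectorProperties`, `TIDataConnectorProperties` and `OfficeDataConnectorProperties`, while `DataConnectorTenantId`, added in this same hunk, is referenced by none of them in the lines shown. Since the tenant id selects whose data the connector ingests, I would define it once and make it mandatory: give `DataConnectorTenantId` a `"required": [ "tenantId" ]` and have the four property bags compose it with `"allOf": [ { "$ref": "#/definitions/DataConnectorTenantId" } ]`, the way `ASCDataConnectorProperties` already composes `DataConnectorWithAlertsProperties`. These definitions look like a move out of SecurityInsights.json (the same text is removed in the following file section), so tightening `required` in a stable API version may need to go in a separate change. Separately, `tipLookbackPeriod` is typed `date-time` but described as a "lookback period"; if a point in time is what is meant, the description should say so rather than suggest a duration.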
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json 
@@ -422,328 +422,6 @@ } }, "definitions": { - "AADDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents AAD (Azure Active Directory) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AADDataConnectorProperties", - "description": "AAD (Azure Active Directory) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureActiveDirectory" - }, - "AADDataConnectorProperties": { - "description": "AAD (Azure Active Directory) data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, - "AATPDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AATPDataConnectorProperties", - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureAdvancedThreatProtection" - }, - "AATPDataConnectorProperties": { - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector", - "description": "The available data types for the connector." 
- } - }, - "type": "object" - }, - "ASCDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents ASC (Azure Security Center) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/ASCDataConnectorProperties", - "description": "ASC (Azure Security Center) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureSecurityCenter" - }, - "ASCDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorWithAlertsProperties" - } - ], - "description": "ASC (Azure Security Center) data connector properties.", - "properties": { - "subscriptionId": { - "description": "The subscription id to connect to, and get the data from.", - "type": "string" - } - }, - "type": "object" - }, - "ActionRequest": { - "allOf": [ - { - "$ref": "#/definitions/ResourceWithEtag" - } - ], - "description": "Action for alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/ActionRequestProperties", - "description": "Action properties for put request", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "ActionPropertiesBase": { - "description": "Action property bag base.", - "properties": { - "logicAppResourceId": { - "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", - "type": "string" - } - }, - "required": [ - "logicAppResourceId" - ], - "type": "object" - }, - "ActionRequestProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "triggerUri": { - "description": "Logic App Callback URL for this specific workflow.", - "type": "string" - } - }, - "required": [ - "triggerUri" - ], - "type": "object" - }, - "ActionResponse": { - "allOf": [ - { - "$ref": "#/definitions/Resource" - } - ], - "description": 
"Action for alert rule.", - "properties": { - "etag": { - "description": "Etag of the action.", - "type": "string" - }, - "properties": { - "$ref": "#/definitions/ActionResponseProperties", - "description": "Action properties for get request", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "ActionResponseProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "workflowId": { - "description": "The name of the logic app's workflow.", - "type": "string" - } - }, - "type": "object" - }, - "ActionsList": { - "description": "List all the actions.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of actions.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of actions.", - "items": { - "$ref": "#/definitions/ActionResponse" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, - "AlertSeverity": { - "description": "The severity of the alert", - "enum": [ - "High", - "Medium", - "Low", - "Informational" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertSeverity", - "values": [ - { - "description": "High severity", - "value": "High" - }, - { - "description": "Medium severity", - "value": "Medium" - }, - { - "description": "Low severity", - "value": "Low" - }, - { - "description": "Informational severity", - "value": "Informational" - } - ] - } - }, - "MicrosoftSecurityProductName": { - "description": "The alerts' productName on which the cases will be generated", - "enum": [ - "Microsoft Cloud App Security", - "Azure Security Center", - "Azure Advanced Threat Protection", - "Azure Active Directory Identity Protection", - "Azure Security Center for IoT" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "MicrosoftSecurityProductName" - } - }, - "AlertsDataTypeOfDataConnector": { - "description": "Alerts data type for data 
connectors.", - "properties": { - "alerts": { - "$ref": "#/definitions/DataConnectorDataTypeCommon", - "description": "Alerts data type connection.", - "type": "object" - } - }, - "type": "object" - }, - "AttackTactic": { - "description": "The severity for alerts created by this alert rule.", - "enum": [ - "InitialAccess", - "Execution", - "Persistence", - "PrivilegeEscalation", - "DefenseEvasion", - "CredentialAccess", - "Discovery", - "LateralMovement", - "Collection", - "Exfiltration", - "CommandAndControl", - "Impact" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AttackTactic" - } - }, - "AwsCloudTrailDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Amazon Web Services CloudTrail data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", - "description": "Amazon Web Services CloudTrail data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" - }, - "AwsCloudTrailDataConnectorDataTypes": { - "description": "The available data types for Amazon Web Services CloudTrail data connector.", - "properties": { - "logs": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Logs data type.", - "type": "object" - } - }, - "type": "object" - }, - "AwsCloudTrailDataConnectorProperties": { - "description": "Amazon Web Services CloudTrail data connector properties.", - "properties": { - "awsRoleArn": { - "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", - "description": "The available data types for the connector." 
- } - }, - "type": "object" - }, "ClientInfo": { "description": "Information on the client (user or application) that made some action", "properties": { 
@@ -777,180 +455,6 @@ }, "description": "An error response for a resource management request." }, - "DataConnectorDataTypeCommon": { - "description": "Common field for data type in data connectors.", - "properties": { - "state": { - "description": "Describe whether this data type connection is enabled or not.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DataTypeState" - } - } - }, - "type": "object" - }, - "DataConnectorTenantId": { - "description": "Properties data connector on tenant level.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - } - }, - "type": "object" - }, - "DataConnectorWithAlertsProperties": { - "description": "Data connector properties.", - "properties": { - "dataTypes": { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, - "FusionAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents Fusion alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/FusionAlertRuleProperties", - "description": "Fusion alert rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Fusion" - }, - "FusionAlertRuleProperties": { - "description": "Fusion alert rule base property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "readOnly": true, - "type": "string" - }, - "displayName": { - "description": "The display name for alerts created by this alert rule.", - "readOnly": true, - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - 
}, - "lastModifiedUtc": { - "description": "The last time that this alert has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule.", - "readOnly": true - }, - "tactics": { - "description": "The tactics of the alert rule", - "items": { - "$ref": "#/definitions/AttackTactic" - }, - "readOnly": true, - "type": "array" - } - }, - "required": [ - "alertRuleTemplateName", - "enabled" - ], - "type": "object" - }, - "FusionAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents Fusion alert rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/FusionAlertRuleTemplateProperties", - "description": "Fusion alert rule template properties", - "required": [ - "displayName", - "description", - "status", - "severity", - "alertRulesCreatedByTemplateCount" - ], - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Fusion" - }, - "FusionAlertRuleTemplateProperties": { - "description": "Represents Fusion alert rule template properties", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "the number of alert rules that were created by this template", - "format": "int32", - "type": "integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data connectors for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array" - }, - "status": { - "$ref": 
"#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status.", - "type": "string" - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule." - }, - "tactics": { - "description": "The tactics of the alert rule template", - "items": { - "$ref": "#/definitions/AttackTactic" - }, - "type": "array" - } - }, - "type": "object" - }, "Incident": { "allOf": [ { 
@@ -1304,319 +808,59 @@ "description": "Medium severity", "value": "Medium" }, - { - "description": "Low severity", - "value": "Low" - }, - { - "description": "Informational severity", - "value": "Informational" - } - ] - } - }, - "status": { - "description": "The status of the incident", - "enum": [ - "New", - "Active", - "Closed" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentStatus", - "values": [ - { - "description": "An active incident which isn't being handled currently", - "value": "New" - }, - { - "description": "An active incident which is being handled", - "value": "Active" - }, - { - "description": "A non-active incident", - "value": "Closed" - } - ] - } - }, - "title": { - "description": "The title of the incident", - "type": "string" - } - }, - "required": [ - "title", - "severity", - "status" - ], - "type": "object" - }, - "Label": { - "description": "Label that will be used to tag and filter on.", - "type": "string" - }, - "MCASDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/MCASDataConnectorProperties", - "description": "MCAS (Microsoft Cloud App Security) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" - }, - "MCASDataConnectorDataTypes": { - "allOf": [ - { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector" - } - ], - "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", - "properties": { - "alerts": { - "$ref": "#/definitions/DataConnectorDataTypeCommon", - "description": "Alerts data type connection." - }, - "discoveryLogs": { - "$ref": "#/definitions/DataConnectorDataTypeCommon", - "description": "Discovery log data type connection." 
- } - }, - "type": "object" - }, - "MCASDataConnectorProperties": { - "description": "MCAS (Microsoft Cloud App Security) data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/MCASDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, - "MDATPDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/MDATPDataConnectorProperties", - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" - }, - "MDATPDataConnectorProperties": { - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector", - "description": "The available data types for the connector." 
- } - }, - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents MicrosoftSecurityIncidentCreation rule.", - "properties": { - "properties": { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", - "description": "MicrosoftSecurityIncidentCreation rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" - }, - "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { - "description": "MicrosoftSecurityIncidentCreation rule common property bag.", - "properties": { - "displayNamesFilter": { - "description": "the alerts' displayNames on which the cases will be generated", - "items": { - "type": "string" - }, - "type": "array" - }, - "displayNamesExcludeFilter": { - "description": "the alerts' displayNames on which the cases will not be generated", - "items": { - "type": "string" - }, - "type": "array" - }, - "productFilter": { - "$ref": "#/definitions/MicrosoftSecurityProductName", - "description": "The alerts' productName on which the cases will be generated" - }, - "severitiesFilter": { - "description": "the alerts' severities on which the cases will be generated", - "items": { - "$ref": "#/definitions/AlertSeverity" - }, - "type": "array" - } - }, - "required": [ - "productFilter" - ], - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRuleProperties": { - "allOf": [ - { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" - } - ], - "description": "MicrosoftSecurityIncidentCreation rule property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "type": "string" - }, - "displayName": { - "description": "The 
display name for alerts created by this alert rule.", - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this alert has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "displayName", - "enabled", - "productFilter" - ], - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { - "description": "MicrosoftSecurityIncidentCreation rule template properties", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "the number of alert rules that were created by this template", - "format": "int32", - "type": "integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data connectors for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array" - }, - "status": { - "$ref": "#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status.", - "type": "string" - }, - "displayNamesFilter": { - "description": "the alerts' displayNames on which the cases will be generated", - "items": { - "type": "string" - }, - "type": "array" - }, - "displayNamesExcludeFilter": { - "description": "the alerts' displayNames on which the cases will not be generated", - "items": { - "type": "string" - }, - "type": "array" + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } }, - 
"productFilter": { - "$ref": "#/definitions/MicrosoftSecurityProductName", - "description": "The alerts' productName on which the cases will be generated" + "status": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } }, - "severitiesFilter": { - "description": "the alerts' severities on which the cases will be generated", - "items": { - "$ref": "#/definitions/AlertSeverity" - }, - "type": "array" + "title": { + "description": "The title of the incident", + "type": "string" } }, "required": [ - "productFilter" + "title", + "severity", + "status" ], "type": "object" }, - "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents MicrosoftSecurityIncidentCreation rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - "description": "MicrosoftSecurityIncidentCreation rule template properties", - "required": [ - "displayName", - "description", - "createdDateUTC", - "status", - "alertRulesCreatedByTemplateCount", - "productFilter" - ], - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" }, "OfficeConsent": { "allOf": [ 
@@ -1669,70 +913,6 @@ }, "type": "object" }, - "OfficeDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents office data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/OfficeDataConnectorProperties", - "description": "Office data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Office365" - }, - "OfficeDataConnectorDataTypes": { - "description": "The available data types for office data connector.", - "properties": { - "exchange": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Exchange data type connection.", - "type": "object" - }, - "sharePoint": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "SharePoint data type connection.", - "type": "object" - }, - "teams": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Teams data type connection.", - "type": "object" - } - }, - "type": "object" - }, - "OfficeDataConnectorProperties": { - "description": "Office data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/OfficeDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, "Operation": { "description": "Operation provided by provider", "properties": { 
@@ -1833,217 +1013,6 @@ }, "x-ms-azure-resource": true }, - "ScheduledAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents scheduled alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/ScheduledAlertRuleProperties", - "description": "Scheduled alert rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Scheduled" - }, - "ScheduledAlertRuleCommonProperties": { - "description": "Schedule alert rule template property bag.", - "properties": { - "query": { - "description": "The query that creates alerts for this rule.", - "type": "string" - }, - "queryFrequency": { - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", - "format": "duration", - "type": "string" - }, - "queryPeriod": { - "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", - "format": "duration", - "type": "string" - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/AlertRuleTriggerOperator", - "description": "The operation against the threshold that triggers alert rule." 
- }, - "triggerThreshold": { - "description": "The threshold triggers this alert rule.", - "format": "int32", - "type": "integer" - } - }, - "type": "object" - }, - "ScheduledAlertRuleProperties": { - "allOf": [ - { - "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" - } - ], - "description": "Scheduled alert rule base property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "type": "string" - }, - "displayName": { - "description": "The display name for alerts created by this alert rule.", - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this alert rule has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "suppressionDuration": { - "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", - "format": "duration", - "type": "string" - }, - "suppressionEnabled": { - "description": "Determines whether the suppression for this alert rule is enabled or disabled.", - "type": "boolean" - }, - "tactics": { - "description": "The tactics of the alert rule", - "items": { - "$ref": "#/definitions/AttackTactic" - }, - "type": "array" - } - }, - "required": [ - "displayName", - "enabled", - "severity", - "query", - "queryFrequency", - "queryPeriod", - "triggerOperator", - "triggerThreshold", - "suppressionEnabled", - "suppressionDuration" - ], - "type": "object" - }, - "ScheduledAlertRuleTemplateProperties": { - "description": "Scheduled alert rule template properties", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "the number of alert rules that were created by this template", - "format": "int32", - "type": 
"integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data connectors for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array" - }, - "status": { - "$ref": "#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status.", - "type": "string" - }, - "query": { - "description": "The query that creates alerts for this rule.", - "type": "string" - }, - "queryFrequency": { - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", - "format": "duration", - "type": "string" - }, - "queryPeriod": { - "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", - "format": "duration", - "type": "string" - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/AlertRuleTriggerOperator", - "description": "The operation against the threshold that triggers alert rule." 
- }, - "triggerThreshold": { - "description": "The threshold triggers this alert rule.", - "format": "int32", - "type": "integer" - }, - "tactics": { - "description": "The tactics of the alert rule template", - "items": { - "$ref": "#/definitions/AttackTactic" - }, - "type": "array" - } - }, - "type": "object" - }, - "ScheduledAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents scheduled alert rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", - "description": "Scheduled alert rule template properties", - "required": [ - "displayName", - "description", - "status", - "alertRulesCreatedByTemplateCount", - "severity", - "query", - "queryFrequency", - "queryPeriod", - "triggerOperator", - "triggerThreshold" - ], - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Scheduled" - }, "Settings": { "allOf": [ { 
@@ -2074,59 +1043,7 @@ "modelAsString": true, "name": "SettingKind" } - }, - "TIDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents threat intelligence data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/TIDataConnectorProperties", - "description": "TI (Threat Intelligence) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "ThreatIntelligence" - }, - "TIDataConnectorDataTypes": { - "description": "The available data types for TI (Threat Intelligence) data connector.", - "properties": { - "indicators": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Data type for indicators connection.", - "type": "object" - } - }, - "type": "object" - }, - "TIDataConnectorProperties": { - "description": "TI (Threat Intelligence) data connector properties.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - }, - "tipLookbackPeriod": { - "description": "The lookback period for the feed to be imported.", - "format": "date-time", - "type": "string", - "x-nullable": true - }, - "dataTypes": { - "$ref": "#/definitions/TIDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, + }, "ThreatIntelligence": { "description": "ThreatIntelligence property bag.", "properties": { 
@@ -2326,24 +1243,6 @@ } }, "parameters": { - "Action": { - "description": "The action", - "in": "body", - "name": "action", - "required": true, - "schema": { - "$ref": "#/definitions/ActionRequest" - }, - "x-ms-parameter-location": "method" - }, - "ActionId": { - "description": "Action ID", - "in": "path", - "name": "actionId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "AggregationsName": { "description": "The aggregation name. Supports - Cases", "in": "path", @@ -2466,14 +1365,6 @@ "type": "string", "x-ms-parameter-location": "method" }, - "RuleId": { - "description": "Alert rule ID", - "in": "path", - "name": "ruleId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "Settings": { "description": "The setting", "in": "body", diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index 057fd5b8b202..14d59fa3200f 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -54,7 +54,11 @@ These settings apply only when `--tag=package-2020-01` is specified on the comma ```yaml $(tag) == 'package-2020-01' input-file: +- Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json +- Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +- Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json - Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json + directive: - suppress: R2059 from: Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json From 8986186a96f3c1ba55f98e14ff6e8dfd84905a4e Mon Sep 17 00:00:00 2001 From: Moran Raz Mizrahi Date: Sun, 4 Jul 2021 22:23:21 +0300 Subject: [PATCH 5/9] fixes --- .../stable/2020-01-01/Bookmarks.json | 8 ++++-- .../stable/2020-01-01/SecurityInsights.json | 28 +++++++++++++++---- 2 files changed, 29 insertions(+), 7 deletions(-) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json index 12b93feaaa37..4693299aadcf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -136,7 +136,7 @@ "operationId": "Bookmarks_CreateOrUpdate", "parameters": [ { - "$ref": "#/parameters/ApiVersion" + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" }, { "$ref": "#/parameters/SubscriptionId" @@ -188,7 +188,7 @@ "operationId": "Bookmarks_Delete", "parameters": [ { - "$ref": "#/parameters/ApiVersion" + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" }, { "$ref": "#/parameters/SubscriptionId" @@ -395,6 +395,10 @@ }, "type": "object" }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, "UserInfo": { "description": "User information that made some action", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json index 0e9c38ed2b5e..e0a84f111940 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json 
@@ -422,6 +422,28 @@ } }, "definitions": { + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, "ClientInfo": { "description": "Information on the client (user or application) that made some action", "properties": { @@ -858,10 +880,6 @@ ], "type": "object" }, - "Label": { - "description": "Label that will be used to tag and filter on.", - "type": "string" - }, "OfficeConsent": { "allOf": [ { @@ -1043,7 +1061,7 @@ "modelAsString": true, "name": "SettingKind" } - }, + }, "ThreatIntelligence": { "description": "ThreatIntelligence property bag.", "properties": { From a47bfc2a2d6f3a213ba402e587ec33e25ca70c31 Mon Sep 17 00:00:00 2001 From: Moran Raz Mizrahi Date: Mon, 5 Jul 2021 17:44:23 +0300 Subject: [PATCH 6/9] correct version --- .../stable/2020-01-01/AlertRules.json | 2 +- .../Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json | 2 +- .../stable/2020-01-01/DataConnectors.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json index 0ee1505d33b5..e05642ed2e11 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json 
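Review bot: The `description` on the added `AttackTactic` definition reads "The severity for alerts created by this alert rule.", which describes a severity rather than the tactic enum that follows (`InitialAccess` … `Impact`); it looks copied from a severity property. Suggest `"description": "The tactic of the alert rule."`, in line with the wording the `tactics` properties in this series use, so generated SDK docs do not mislead anyone mapping rules to tactics. The context of the later `@@ -837,16 +837,6 @@` hunk shows AlertRules.json also carrying an `AttackTactic` definition, so the two copies can drift; pointing both files at one definition would presumably avoid that.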
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-04-01"
+ "version": "2021-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
index 4693299aadcf..4dad249bf7b4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-04-01"
+ "version": "2021-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
index 05517365c009..56a39b874ddf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-04-01"
+ "version": "2021-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
From 4f3f613309aa7a68a39e061f34e88f8ac36a3682 Mon Sep 17 00:00:00 2001
From: Moran Raz Mizrahi
Date: Mon, 5 Jul 2021 17:47:23 +0300
Subject: [PATCH 7/9] .
---
 .../stable/2020-01-01/AlertRules.json | 2 +-
 .../Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json | 2 +-
 .../stable/2020-01-01/DataConnectors.json | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
index e05642ed2e11..27c4cf1dc8d6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-01-01"
+ "version": "2020-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
index 4dad249bf7b4..def7545ea189 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-01-01"
+ "version": "2020-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
index 56a39b874ddf..39cdae1d4d3b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2021-01-01"
+ "version": "2020-01-01"
 },
 "host": "management.azure.com",
 "schemes": [
From b8fb8a40252be9dabdd4ec0336c250f352f3e483 Mon Sep 17 00:00:00 2001
From: Moran Raz Mizrahi
Date: Mon, 5 Jul 2021 19:55:15 +0300
Subject: [PATCH 8/9] revert common definitions
---
 .../stable/2020-01-01/AlertRules.json | 137 +++++++-----------
 .../stable/2020-01-01/Bookmarks.json | 83 +++--------
 .../stable/2020-01-01/DataConnectors.json | 87 +++--------
 3 files changed, 100 insertions(+), 207 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
index 27c4cf1dc8d6..5564565c1eec 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json
@@ -48,16 +48,16 @@ "operationId": "AlertRules_List", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" } ], "responses": { @@ -70,7 +70,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } }, @@ -99,16 +99,16 @@ "operationId": "AlertRules_Get", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -124,7 +124,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
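Review bot: The `SubscriptionId`, `ResourceGroupName` and `WorkspaceName` entries in this `parameters` array now resolve to `SecurityInsights.json#/parameters/...`, and the same substitution is repeated for the other operations of AlertRules.json, Bookmarks.json and DataConnectors.json in this commit. The local definitions this commit deletes further down carried input constraints: a `pattern` plus `minLength`/`maxLength` on `ResourceGroupName`, a GUID `pattern` on `SubscriptionId`, and `minLength`/`maxLength` on `WorkspaceName` in Bookmarks.json. SecurityInsights.json's parameter block is not part of this diff, so whether it declares the same constraints cannot be confirmed from here; if it does not, generated clients and request validators silently lose those path-parameter checks. Worth confirming before merge that the shared `SubscriptionId` keeps `"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$"` and that `ResourceGroupName` and `WorkspaceName` keep their length bounds. The enclosing operation object starts and ends outside the hunk.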
@@ -148,16 +148,16 @@ "operationId": "AlertRules_CreateOrUpdate", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -182,7 +182,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -200,16 +200,16 @@ "operationId": "AlertRules_Delete", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -225,7 +225,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -245,16 +245,16 @@ "operationId": "Actions_ListByAlertRule", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -270,7 +270,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } }, @@ -293,16 +293,16 @@ "operationId": "Actions_Get", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -321,7 +321,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -339,16 +339,16 @@ "operationId": "Actions_CreateOrUpdate", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -376,7 +376,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -394,16 +394,16 @@ "operationId": "Actions_Delete", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/RuleId" @@ -422,7 +422,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -442,16 +442,16 @@ "operationId": "AlertRuleTemplates_List", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" } ], "responses": { @@ -464,7 +464,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } }, @@ -487,16 +487,16 @@ "operationId": "AlertRuleTemplates_Get", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/AlertRuleTemplateId" @@ -512,7 +512,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -543,7 +543,7 @@ "ActionRequest": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" } ], "description": "Action for alert rule.", 
@@ -577,7 +577,7 @@ "ActionResponse": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/Resource" + "$ref": "SecurityInsights.json#/definitions/Resource" } ], "description": "Action for alert rule.", @@ -625,7 +625,7 @@ "AlertRule": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" } ], "description": "Alert rule.", @@ -668,7 +668,7 @@ "AlertRuleTemplate": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/Resource" + "$ref": "SecurityInsights.json#/definitions/Resource" } ], "description": "Alert rule template.", @@ -837,16 +837,6 @@ "name": "AttackTactic" } }, - "CloudError": { - "x-ms-external": true, - "properties": { - "error": { - "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", - "description": "The error object of the CloudError response" - } - }, - "description": "An error response for a resource management request." - }, "FusionAlertRule": { "allOf": [ { @@ -1426,17 +1416,6 @@ "type": "string", "x-ms-parameter-location": "method" }, - "ResourceGroupName": { - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "resourceGroupName", - "pattern": "^[-\\w\\._\\(\\)]+$", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, "RuleId": { "description": "Alert rule ID", "in": "path", @@ -1444,14 +1423,6 @@ "required": true, "type": "string", "x-ms-parameter-location": "method" - }, - "SubscriptionId": { - "description": "Azure subscription ID", - "in": "path", - "name": "subscriptionId", - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "required": true, - "type": "string" } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json index def7545ea189..c273c4de9a2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -48,16 +48,16 @@ "operationId": "Bookmarks_List", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" } ], "responses": { @@ -70,7 +70,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } }, @@ -93,16 +93,16 @@ "operationId": "Bookmarks_Get", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/BookmarkId" 
@@ -118,7 +118,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -136,16 +136,16 @@ "operationId": "Bookmarks_CreateOrUpdate", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/BookmarkId" @@ -170,7 +170,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -187,17 +187,17 @@ "description": "Delete the bookmark.", "operationId": "Bookmarks_Delete", "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/BookmarkId" @@ -213,7 +213,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -224,7 +224,7 @@ "Bookmark": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" } ], "description": "Represents a bookmark in Azure Security Insights.", @@ -330,16 +330,6 @@ ], "type": "object" }, - "CloudError": { - "x-ms-external": true, - "properties": { - "error": { - "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", - "description": "The error object of the CloudError response" - } - }, - "description": "An error response for a resource management request." - }, "IncidentInfo": { "description": "Describes related incident information for the bookmark", "properties": { @@ -443,35 +433,6 @@ "required": true, "type": "string", "x-ms-parameter-location": "method" - }, - "ResourceGroupName": { - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "resourceGroupName", - "pattern": "^[-\\w\\._\\(\\)]+$", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SubscriptionId": { - "description": "Azure subscription ID", - "in": "path", - "name": "subscriptionId", - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "required": true, - "type": "string" - }, - "WorkspaceName": { - "description": "The name of the workspace.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "workspaceName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json index 39cdae1d4d3b..b8aa6727a505 100644 
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json @@ -48,16 +48,16 @@ "operationId": "DataConnectors_List", "parameters": [ { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" } ], "responses": { @@ -70,7 +70,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } }, @@ -113,17 +113,17 @@ "description": "Gets a data connector.", "operationId": "DataConnectors_Get", "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/DataConnectorId" @@ -139,7 +139,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -159,17 +159,17 @@ "description": "Creates or updates the data connector.", "operationId": "DataConnectors_CreateOrUpdate", "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/DataConnectorId" @@ -194,7 +194,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } @@ -211,17 +211,17 @@ "description": "Delete the data connector.", "operationId": "DataConnectors_Delete", "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { - "$ref": "#/parameters/SubscriptionId" + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/ResourceGroupName" + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/WorkspaceName" + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" }, { "$ref": "#/parameters/DataConnectorId" @@ -237,7 +237,7 @@ "default": { "description": "Error response describing why the operation failed.", "schema": { - "$ref": "#/definitions/CloudError" + "$ref": "SecurityInsights.json#/definitions/CloudError" } } } 
@@ -396,20 +396,10 @@ }, "type": "object" }, - "CloudError": { - "x-ms-external": true, - "properties": { - "error": { - "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", - "description": "The error object of the CloudError response" - } - }, - "description": "An error response for a resource management request." - }, "DataConnector": { "allOf": [ { - "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" } ], "description": "Data connector.", @@ -743,35 +733,6 @@ "required": true, "type": "string", "x-ms-parameter-location": "method" - }, - "ResourceGroupName": { - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "resourceGroupName", - "pattern": "^[-\\w\\._\\(\\)]+$", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SubscriptionId": { - "description": "Azure subscription ID", - "in": "path", - "name": "subscriptionId", - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "required": true, - "type": "string" - }, - "WorkspaceName": { - "description": "The name of the workspace.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "workspaceName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" } } } From 09d0e2944efdfeb7ea15fc757ceb9a7564a56e2d Mon Sep 17 00:00:00 2001 From: Moran Raz Mizrahi Date: Mon, 5 Jul 2021 20:01:32 +0300 Subject: [PATCH 9/9] prettier --- .../stable/2020-01-01/Bookmarks.json | 2 +- .../stable/2020-01-01/DataConnectors.json | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json index c273c4de9a2b..61051726d2df 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -187,7 +187,7 @@ "description": "Delete the bookmark.", "operationId": "Bookmarks_Delete", "parameters": [ - { + { "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json index b8aa6727a505..4d6c9b276b03 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json @@ -113,7 +113,7 @@ "description": "Gets a data connector.", "operationId": "DataConnectors_Get", "parameters": [ - { + { "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { @@ -159,7 +159,7 @@ "description": "Creates or updates the data connector.", "operationId": "DataConnectors_CreateOrUpdate", "parameters": [ - { + { "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, { @@ -211,7 +211,7 @@ "description": "Delete the data connector.", "operationId": "DataConnectors_Delete", "parameters": [ - { + { "$ref": "SecurityInsights.json#/parameters/ApiVersion" }, {