From 8e250992f7243444363c40e32e6b82118b6ccf8d Mon Sep 17 00:00:00 2001 From: Usman Hasan Date: Mon, 21 Mar 2022 10:58:52 -0700 Subject: [PATCH 1/3] adding fixes for Jan 2022 preview version --- .../2022-01-01-preview/Watchlists.json | 65 ++++++++++++++ ...eWatchlistAndWatchlistItemsFromSasUri.json | 88 +++++++++++++++++++ 2 files changed, 153 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json index 7e3d27927e33..72a4d59549a1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json @@ -182,6 +182,9 @@ }, "Creates or updates a watchlist and bulk creates watchlist items.": { "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + }, + "Create or update a watchlist and bulk creates watchlist items from SAL URI.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json" } }, "tags": [ @@ -568,6 +571,11 @@ "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", "type": "string" }, + "sasUri": { + "x-ms-secret": true, + "description": "The Shared Access Signature (SAS) URI under which the large csv watchlist file is located and from which the watchlist and its items will be created", + "type": "string" + }, "itemsSearchKey": { "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", "type": "string" @@ -579,6 +587,11 @@ "uploadStatus": { "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", "type": "string" + }, + "provisioningState": { + "readOnly": true, + "$ref": "#/definitions/ProvisioningState", + "description": "The provisioning state of the watchlist resource." } }, "required": [ @@ -676,6 +689,58 @@ "itemsKeyValue" ], "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "ProvisioningState": { + "type": "string", + "readOnly": true, + "description": "The current provisioning state.", + "enum": [ + "Succeeded", + "Failed", + "Canceled", + "InProgress" + ], + "x-ms-enum": { + "name": "ProvisioningState", + "modelAsString": true + } + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "type": "object", + "description": "An error response for a resource management request." } }, "parameters": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json new file mode 100644 index 000000000000..bdcfa51408f6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json @@ -0,0 +1,88 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "sourceType": "Remote storage", + "provider": "Microsoft", + "description": "Watchlist from a large CSV file under Blob storage", + "numberOfLinesToSkip": 1, + "sasUri": "https://storagesample.blob.core.windows.net/sample-contaier/sampleBlob.csv?sp=r&st=2021-09-24T01:15:52Z&se=2021-10-01T09:15:52Z&spr=https&sv=2020-08-04&sr=b&sig=HRRRMc43ZJz634eBc402X%2FFPxam5sZVPSkLOY14baEd%4Z", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} From 9bc6b3835fcf415af0b330a818f79d422bfd161f Mon Sep 17 00:00:00 2001 From: Usman Hasan Date: Tue, 22 Mar 2022 08:40:56 -0700 Subject: [PATCH 2/3] adding fix for PoSH --- .../preview/2022-01-01-preview/Watchlists.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json index 72a4d59549a1..ee64fc7bc536 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json @@ -678,11 +678,13 @@ }, "itemsKeyValue": { "description": "key-value pairs for a watchlist item", - "type": "object" + "type": "object", + "additionalProperties": {} }, "entityMapping": { "description": "key-value pairs for a watchlist item entity mapping", - "type": "object" + "type": "object", + "additionalProperties": {} } }, "required": [ From 48885bd8f8d05cc66363772d3a50f2afcabb8e10 Mon Sep 17 00:00:00 2001 From: Usman Hasan Date: Tue, 22 Mar 2022 10:42:30 -0700 Subject: [PATCH 3/3] removing un-needed params --- .../2022-01-01-preview/Watchlists.json | 33 ------------------- 1 file changed, 33 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json index ee64fc7bc536..43f2d9e6fffe 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json @@ -692,28 +692,6 @@ ], "type": "object" }, - "UserInfo": { - "description": "User information that made some action", - "properties": { - "email": { - "description": "The email of the user.", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "The name of the user.", - "readOnly": true, - "type": "string" - }, - "objectId": { - "description": "The object id of the user.", - "format": "uuid", - "type": "string", - "x-nullable": true - } - }, - "type": "object" - }, "Label": { "description": "Label that will be used to tag and filter on.", "type": "string" @@ -732,17 +710,6 @@ "name": "ProvisioningState", "modelAsString": true } - }, - "CloudError": { - "x-ms-external": true, - "properties": { - "error": { - "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", - "description": "The error object of the CloudError response" - } - }, - "type": "object", - "description": "An error response for a resource management request." } }, "parameters": {