From 4d214d655a3205d449ea912b2d9009726b3088a8 Mon Sep 17 00:00:00 2001 From: Adi Megidish Date: Sun, 24 May 2026 13:50:33 +0300 Subject: [PATCH 01/38] Add Versions enum and decorate preview-only resource files --- .../SecurityInsights/BillingStatistic.tsp | 3 +++ .../SecurityInsights/Entity.tsp | 3 +++ .../SecurityInsights/EntityQuery.tsp | 4 ++++ .../SecurityInsights/EntityQueryTemplate.tsp | 3 +++ .../SecurityInsights/FileImport.tsp | 3 +++ .../SecurityInsights/Hunt.tsp | 3 +++ .../SecurityInsights/HuntComment.tsp | 3 +++ .../SecurityInsights/HuntRelation.tsp | 3 +++ .../SecurityInsights/Job.tsp | 3 +++ .../SecurityInsights/OfficeConsent.tsp | 3 +++ .../SecurityInsights/Recommendation.tsp | 3 +++ .../SecurityInsights/Settings.tsp | 3 +++ .../SecurityInsights/TriggeredAnalyticsRuleRun.tsp | 3 +++ .../SecurityInsights/WorkspaceManagerAssignment.tsp | 3 +++ .../SecurityInsights/WorkspaceManagerConfiguration.tsp | 3 +++ .../SecurityInsights/WorkspaceManagerGroup.tsp | 3 +++ .../SecurityInsights/WorkspaceManagerMember.tsp | 3 +++ .../SecurityInsights/main.tsp | 10 ++++++++-- 18 files changed, 60 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp index 33811c041307..7f0c46858291 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp @@ -63,3 +63,6 @@ interface BillingStatistics { @@doc(BillingStatistic.name, "The name of the billing statistic"); @@minLength(Extension.ExternalResource.name, 1); @@maxLength(Extension.ExternalResource.name, 90); + +@@added(BillingStatistic, Versions.v2025_10_01_preview); +@@added(BillingStatistics, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp index 29ab6c030b5e..0507c2a62562 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp @@ -141,3 +141,6 @@ interface Entities { Entities.entitiesGetTimelineList::parameters.body, "The parameters required to execute an timeline operation on the given entity." ); + +@@added(Entity, Versions.v2025_10_01_preview); +@@added(Entities, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp index 3573dfdff64f..d9543c367d77 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp @@ -122,3 +122,7 @@ interface EntityQueries { EntityQueries.createOrUpdate::parameters.resource, "The entity query we want to create or update" ); + +@@added(EntityQuery, Versions.v2025_10_01_preview); +@@added(EntityQueriesOps, Versions.v2025_10_01_preview); +@@added(EntityQueries, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp index 48c57cf0a61b..90ec0d0deb5b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp @@ -58,3 +58,6 @@ interface EntityQueryTemplates { } @@doc(EntityQueryTemplate.name, "entity query template ID"); + +@@added(EntityQueryTemplate, Versions.v2025_10_01_preview); +@@added(EntityQueryTemplates, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp index 516b7441e06f..3302e531438e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp @@ -91,3 +91,6 @@ interface FileImports { @@doc(FileImport.name, "File import ID"); @@doc(FileImport.properties, "File import properties"); @@doc(FileImports.create::parameters.resource, "The file import"); + +@@added(FileImport, Versions.v2025_10_01_preview); +@@added(FileImports, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp index f64c0ff5a754..8627a5d1d175 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp @@ -92,3 +92,6 @@ interface Hunts { @@doc(Hunt.name, "The hunt id (GUID)"); @@doc(Hunt.properties, "Hunt properties"); @@doc(Hunts.createOrUpdate::parameters.resource, "The hunt"); + +@@added(Hunt, Versions.v2025_10_01_preview); +@@added(Hunts, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp index e61883025ae5..2cb2df20211f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp @@ -99,3 +99,6 @@ interface HuntComments { @@doc(HuntComment.name, "The hunt comment id (GUID)"); @@doc(HuntComment.properties, "Hunt Comment properties"); @@doc(HuntComments.createOrUpdate::parameters.resource, "The hunt comment"); + +@@added(HuntComment, Versions.v2025_10_01_preview); +@@added(HuntComments, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp index 1fb3cee6c777..55453cfce967 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp @@ -93,3 +93,6 @@ interface HuntRelations { @@doc(HuntRelation.name, "The hunt relation id (GUID)"); @@doc(HuntRelation.properties, "Hunt Relation properties"); @@doc(HuntRelations.createOrUpdate::parameters.resource, "The hunt relation"); + +@@added(HuntRelation, Versions.v2025_10_01_preview); +@@added(HuntRelations, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp index 8e7ab4147084..24fcc85d3cc2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp @@ -76,3 +76,6 @@ interface Jobs { @@doc(Job.name, "The job name"); @@doc(Job.properties, "The job object"); + +@@added(Job, Versions.v2025_10_01_preview); +@@added(Jobs, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp index bc60276cf3ea..34ca3ec3d5a3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp @@ -59,3 +59,6 @@ interface OfficeConsents { @@doc(OfficeConsent.name, "consent ID"); @@doc(OfficeConsent.properties, "Office consent properties"); + +@@added(OfficeConsent, Versions.v2025_10_01_preview); +@@added(OfficeConsents, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp index 96686293f756..b413e6b53086 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp @@ -86,3 +86,6 @@ interface Recommendations { Recommendations.recommendation::parameters.properties, "Recommendation Fields to Update." ); + +@@added(Recommendation, Versions.v2025_10_01_preview); +@@added(Recommendations, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp index 783e6b61ce5e..1a086a4b9918 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp @@ -81,3 +81,6 @@ interface ProductSettings { "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba" ); @@doc(ProductSettings.update::parameters.resource, "The setting"); + +@@added(Settings, Versions.v2025_10_01_preview); +@@added(ProductSettings, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp index 5a4a57544448..109f0e0ecd98 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp @@ -66,3 +66,6 @@ interface triggeredAnalyticsRuleRun { TriggeredAnalyticsRuleRun.properties, "The triggered analytics rule run Properties" ); + +@@added(TriggeredAnalyticsRuleRun, Versions.v2025_10_01_preview); +@@added(triggeredAnalyticsRuleRun, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp index b9f4dc7ca493..c00f8204f177 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp @@ -110,3 +110,6 @@ interface WorkspaceManagerAssignments { WorkspaceManagerAssignments.createOrUpdate::parameters.resource, "The workspace manager assignment" ); + +@@added(WorkspaceManagerAssignment, Versions.v2025_10_01_preview); +@@added(WorkspaceManagerAssignments, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp index 0b62fcdee70b..0e0dfb44883a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp @@ -101,3 +101,6 @@ interface WorkspaceManagerConfigurations { WorkspaceManagerConfigurations.createOrUpdate::parameters.resource, "The workspace manager configuration" ); + +@@added(WorkspaceManagerConfiguration, Versions.v2025_10_01_preview); +@@added(WorkspaceManagerConfigurations, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp index 71a418a55b34..1f2d6aa1753a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp @@ -92,3 +92,6 @@ interface WorkspaceManagerGroups { WorkspaceManagerGroups.createOrUpdate::parameters.resource, "The workspace manager group object" ); + +@@added(WorkspaceManagerGroup, Versions.v2025_10_01_preview); +@@added(WorkspaceManagerGroups, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp index 2af1d7523bf9..32cc8d263c31 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp @@ -92,3 +92,6 @@ interface WorkspaceManagerMembers { WorkspaceManagerMembers.createOrUpdate::parameters.resource, "The workspace manager member object" ); + +@@added(WorkspaceManagerMember, Versions.v2025_10_01_preview); +@@added(WorkspaceManagerMembers, Versions.v2025_10_01_preview); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/main.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/main.tsp index f362c1c89f52..a3bcacb8d4d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/main.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/main.tsp @@ -74,9 +74,15 @@ namespace Microsoft.SecurityInsights; */ enum Versions { /** - * The 2025-07-01-preview API version. + * The 2025-09-01 API version. */ - v2025_07_01_preview: "2025-07-01-preview", + v2025_09_01: "2025-09-01", + + /** + * The 2025-10-01-preview API version. + */ + @previewVersion + v2025_10_01_preview: "2025-10-01-preview", } interface Operations From 0ef31518351547beb9245a167e10945737fa7aa1 Mon Sep 17 00:00:00 2001 From: Adi Megidish Date: Mon, 25 May 2026 17:31:22 +0300 Subject: [PATCH 02/38] Decorate preview-only declarations in models.tsp --- .../SecurityInsights/models.tsp | 306 ++++++++++++++++++ 1 file changed, 306 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 2b3bd0f45e66..d610606c9ed0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -159,6 +159,7 @@ union ActionType { /** * The kind of the billing statistic */ +@added(Versions.v2025_10_01_preview) union BillingStatisticKind { string, @@ -888,6 +889,7 @@ union DataConnectorKind { /** * The authentication kind used to poll the data */ +@added(Versions.v2025_10_01_preview) union ConnectAuthKind { string, @@ -910,6 +912,7 @@ union ConnectAuthKind { /** * Describes the state of user's authorization for a connector kind. */ +@added(Versions.v2025_10_01_preview) union DataConnectorAuthorizationState { string, @@ -927,6 +930,7 @@ union DataConnectorAuthorizationState { /** * Describes the state of user's license for a connector kind. */ +@added(Versions.v2025_10_01_preview) union DataConnectorLicenseState { string, @@ -947,6 +951,7 @@ union DataConnectorLicenseState { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) union EnrichmentType { string, @@ -959,6 +964,7 @@ union EnrichmentType { /** * The entity query kind */ +@added(Versions.v2025_10_01_preview) union EntityTimelineKind { string, @@ -984,6 +990,7 @@ union EntityTimelineKind { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) union EntityItemQueryKind { string, @@ -996,6 +1003,7 @@ union EntityItemQueryKind { /** * The kind of the entity query */ +@added(Versions.v2025_10_01_preview) union EntityQueryKind { string, @@ -1018,6 +1026,7 @@ union EntityQueryKind { /** * the query kind */ +@added(Versions.v2025_10_01_preview) union GetInsightsError { string, @@ -1028,6 +1037,7 @@ union GetInsightsError { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) union EntityQueryTemplateKind { string, @@ -1070,6 +1080,7 @@ union EntityQueryTemplateKind { /** * The kind of the entity query that supports put request. */ +@added(Versions.v2025_10_01_preview) union CustomEntityQueryKind { string, @@ -1082,6 +1093,7 @@ union CustomEntityQueryKind { /** * Describes how to ingest the records in the file. */ +@added(Versions.v2025_10_01_preview) union IngestionMode { string, @@ -1104,6 +1116,7 @@ union IngestionMode { /** * The content type of this file. */ +@added(Versions.v2025_10_01_preview) union FileImportContentType { string, @@ -1126,6 +1139,7 @@ union FileImportContentType { /** * The format of the file */ +@added(Versions.v2025_10_01_preview) union FileFormat { string, @@ -1148,6 +1162,7 @@ union FileFormat { /** * Indicates whether the file was deleted from the storage account. */ +@added(Versions.v2025_10_01_preview) union DeleteStatus { string, @@ -1170,6 +1185,7 @@ union DeleteStatus { /** * The state of the file import. */ +@added(Versions.v2025_10_01_preview) union FileImportState { string, @@ -1212,6 +1228,7 @@ union FileImportState { /** * The status of the hunt. */ +@added(Versions.v2025_10_01_preview) union Status { string, @@ -1259,6 +1276,7 @@ union Status { /** * The hypothesis status of the hunt. */ +@added(Versions.v2025_10_01_preview) union HypothesisStatus { string, @@ -1642,6 +1660,7 @@ union SecurityMLAnalyticsSettingsKind { /** * The kind of the setting */ +@added(Versions.v2025_10_01_preview) union SettingKind { string, @@ -1897,6 +1916,7 @@ union ThreatIntelligenceSortingOrder { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) union TiType { string, @@ -1909,6 +1929,7 @@ union TiType { /** * Represents boolean connectives used to join clauses in conditions. */ +@added(Versions.v2025_10_01_preview) union Connective { string, @@ -1926,6 +1947,7 @@ union Connective { /** * The direction to sort the results by. */ +@added(Versions.v2025_10_01_preview) union SortingDirection { string, @@ -1943,6 +1965,7 @@ union SortingDirection { /** * The kind of the TI object */ +@added(Versions.v2025_10_01_preview) union TIObjectKind { string, @@ -2024,6 +2047,7 @@ union SourceType { /** * The current mode of the workspace manager configuration */ +@added(Versions.v2025_10_01_preview) union Mode { string, @@ -2826,6 +2850,7 @@ union DataTypeState { /** * The available data providers. */ +@added(Versions.v2025_10_01_preview) union MtpProvider { string, @@ -2974,6 +2999,7 @@ union RestApiPollerRequestPagingKind { /** * The polling frequency for the TAXII server. */ +@added(Versions.v2025_10_01_preview) union PollingFrequency { string, @@ -2996,6 +3022,7 @@ union PollingFrequency { /** * type of connectivity */ +@added(Versions.v2025_10_01_preview) union ConnectivityType { string, @@ -3008,6 +3035,7 @@ union ConnectivityType { /** * Provider name */ +@added(Versions.v2025_10_01_preview) union ProviderName { string, @@ -3045,6 +3073,7 @@ union ProviderName { /** * Permission provider scope */ +@added(Versions.v2025_10_01_preview) union PermissionProviderScope { string, @@ -3067,6 +3096,7 @@ union PermissionProviderScope { /** * The kind of the setting */ +@added(Versions.v2025_10_01_preview) union SettingType { string, @@ -3089,6 +3119,7 @@ union SettingType { /** * The type of the entity */ +@added(Versions.v2025_10_01_preview) union EntityType { string, @@ -3206,6 +3237,7 @@ union EntityType { /** * Insights Column type. */ +@added(Versions.v2025_10_01_preview) union OutputType { string, @@ -3250,6 +3282,7 @@ union SettingsStatus { /** * The entity provider that is synced. */ +@added(Versions.v2025_10_01_preview) union EntityProviders { string, @@ -3267,6 +3300,7 @@ union EntityProviders { /** * The data source that enriched by ueba. */ +@added(Versions.v2025_10_01_preview) union UebaDataSources { string, @@ -3326,6 +3360,7 @@ union FileHashAlgorithm { /** * Device importance, determines if the device classified as 'crown jewel' */ +@added(Versions.v2025_10_01_preview) union DeviceImportance { string, @@ -3926,6 +3961,7 @@ model ManualTriggerRequestBody { /** * List of all Microsoft Sentinel billing statistics. */ +@added(Versions.v2025_10_01_preview) model BillingStatisticList is Azure.Core.Page; /** @@ -4076,6 +4112,7 @@ model IncidentInfo { /** * Describes the entity mappings of a single entity */ +@added(Versions.v2025_10_01_preview) model BookmarkEntityMappings { /** * The entity type @@ -4092,6 +4129,7 @@ model BookmarkEntityMappings { /** * Map identifiers of a single entity */ +@added(Versions.v2025_10_01_preview) model EntityFieldMapping { /** * Alert V3 identifier @@ -4141,6 +4179,7 @@ model RelationProperties { /** * The parameters required to execute an expand operation on the given bookmark. */ +@added(Versions.v2025_10_01_preview) model BookmarkExpandParameters { /** * The end date filter, so the only expansion results returned are before this date. @@ -4163,6 +4202,7 @@ model BookmarkExpandParameters { /** * The entity expansion result operation response. */ +@added(Versions.v2025_10_01_preview) model BookmarkExpandResponse { /** * The metadata from the expansion operation results. @@ -4178,6 +4218,7 @@ model BookmarkExpandResponse { /** * Expansion result metadata. */ +@added(Versions.v2025_10_01_preview) model ExpansionResultsMetadata { /** * Information of the aggregated nodes in the expansion result. @@ -4189,6 +4230,7 @@ model ExpansionResultsMetadata { /** * Information of a specific aggregation in the expansion result. */ +@added(Versions.v2025_10_01_preview) model ExpansionResultAggregation { /** * The common type of the aggregation. (for e.g. entity field name) @@ -4214,6 +4256,7 @@ model ExpansionResultAggregation { /** * The expansion result values. */ +@added(Versions.v2025_10_01_preview) model BookmarkExpandResponseValue { /** * Array of the expansion result entities. @@ -4230,6 +4273,7 @@ model BookmarkExpandResponseValue { /** * Expansion result connected entities */ +@added(Versions.v2025_10_01_preview) model ConnectedEntity { /** * Entity Id of the connected entity @@ -4729,6 +4773,7 @@ model DataConnectorList is Azure.Core.Page; /** * Represents Codeless API Polling data connector. */ +@added(Versions.v2025_10_01_preview) model DataConnectorConnectBody { /** * The authentication kind used to poll the data @@ -4790,6 +4835,7 @@ model DataConnectorConnectBody { * Data connector requirements properties. */ @discriminator("kind") +@added(Versions.v2025_10_01_preview) model DataConnectorsCheckRequirements { /** * Describes the kind of connector to be checked. @@ -4800,6 +4846,7 @@ model DataConnectorsCheckRequirements { /** * Data connector requirements status. */ +@added(Versions.v2025_10_01_preview) model DataConnectorRequirementsState { /** * Authorization state for this connector @@ -4815,6 +4862,7 @@ model DataConnectorRequirementsState { /** * IP address (v4 or v6) to be enriched */ +@added(Versions.v2025_10_01_preview) model EnrichmentIpAddressBody { /** * The dotted-decimal or colon-separated string representation of the IP address @@ -4825,6 +4873,7 @@ model EnrichmentIpAddressBody { /** * Geodata information for a given IP address */ +@added(Versions.v2025_10_01_preview) model EnrichmentIpGeodata { /** * The autonomous system number associated with this IP address @@ -4921,6 +4970,7 @@ model EnrichmentIpGeodata { /** * Domain name to be enriched */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainBody { /** * The domain name @@ -4931,6 +4981,7 @@ model EnrichmentDomainBody { /** * Whois information for a given domain and associated metadata */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainWhois { /** * The domain for this whois record @@ -4969,6 +5020,7 @@ model EnrichmentDomainWhois { /** * The whois record for a given domain */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainWhoisDetails { /** * The registrar associated with this domain @@ -4994,6 +5046,7 @@ model EnrichmentDomainWhoisDetails { /** * The registrar associated with this domain */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainWhoisRegistrarDetails { /** * The name of this registrar @@ -5029,6 +5082,7 @@ model EnrichmentDomainWhoisRegistrarDetails { /** * The set of contacts associated with this domain */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainWhoisContacts { /** * The admin contact for this whois record @@ -5054,6 +5108,7 @@ model EnrichmentDomainWhoisContacts { /** * An individual contact associated with this domain */ +@added(Versions.v2025_10_01_preview) model EnrichmentDomainWhoisContact { /** * The name of this contact @@ -5109,11 +5164,13 @@ model EnrichmentDomainWhoisContact { /** * List of all the entities. */ +@added(Versions.v2025_10_01_preview) model EntityList is Azure.Core.Page; /** * The parameters required to execute an expand operation on the given entity. */ +@added(Versions.v2025_10_01_preview) model EntityExpandParameters { /** * The end date filter, so the only expansion results returned are before this date. @@ -5136,6 +5193,7 @@ model EntityExpandParameters { /** * The entity expansion result operation response. */ +@added(Versions.v2025_10_01_preview) model EntityExpandResponse { /** * The metadata from the expansion operation results. @@ -5151,6 +5209,7 @@ model EntityExpandResponse { /** * The expansion result values. */ +@added(Versions.v2025_10_01_preview) model EntityExpandResponseValue { /** * Array of the expansion result entities. @@ -5168,6 +5227,7 @@ model EntityExpandResponseValue { /** * The edge that connects the entity to the other entity. */ +@added(Versions.v2025_10_01_preview) model EntityEdges { /** * The target entity Id. @@ -5184,6 +5244,7 @@ model EntityEdges { /** * The parameters required to execute s timeline operation on the given entity. */ +@added(Versions.v2025_10_01_preview) model EntityTimelineParameters { /** * Array of timeline Item kinds. @@ -5211,6 +5272,7 @@ model EntityTimelineParameters { /** * The entity timeline result operation response. */ +@added(Versions.v2025_10_01_preview) model EntityTimelineResponse { /** * The metadata from the timeline operation results. @@ -5228,6 +5290,7 @@ model EntityTimelineResponse { /** * Expansion result metadata. */ +@added(Versions.v2025_10_01_preview) model TimelineResultsMetadata { /** * the total items found for the timeline request @@ -5250,6 +5313,7 @@ model TimelineResultsMetadata { /** * timeline aggregation information per kind */ +@added(Versions.v2025_10_01_preview) model TimelineAggregation { /** * the total items found for a kind @@ -5265,6 +5329,7 @@ model TimelineAggregation { /** * Timeline Query Errors. */ +@added(Versions.v2025_10_01_preview) model TimelineError { /** * the query kind @@ -5286,6 +5351,7 @@ model TimelineError { * Entity timeline Item. */ @discriminator("kind") +@added(Versions.v2025_10_01_preview) model EntityTimelineItem { /** * The entity query kind type. @@ -5296,6 +5362,7 @@ model EntityTimelineItem { /** * Retrieve queries for entity result operation response. */ +@added(Versions.v2025_10_01_preview) model GetQueriesResponse { /** * The query result values. @@ -5312,6 +5379,7 @@ model GetQueriesResponse { * An abstract Query item for entity */ @discriminator("kind") +@added(Versions.v2025_10_01_preview) model EntityQueryItem { /** * Query Template ARM ID @@ -5338,6 +5406,7 @@ model EntityQueryItem { /** * The parameters required to execute insights operation on the given entity. */ +@added(Versions.v2025_10_01_preview) model EntityGetInsightsParameters { /** * The start timeline date, so the results returned are after this date. @@ -5365,6 +5434,7 @@ model EntityGetInsightsParameters { /** * The Get Insights result operation response. */ +@added(Versions.v2025_10_01_preview) model EntityGetInsightsResponse { /** * The metadata from the get insights operation results. @@ -5382,6 +5452,7 @@ model EntityGetInsightsResponse { /** * Get Insights result metadata. */ +@added(Versions.v2025_10_01_preview) model GetInsightsResultsMetadata { /** * the total items found for the insights request @@ -5398,6 +5469,7 @@ model GetInsightsResultsMetadata { /** * GetInsights Query Errors. */ +@added(Versions.v2025_10_01_preview) model GetInsightsErrorKind { /** * the query kind @@ -5418,6 +5490,7 @@ model GetInsightsErrorKind { /** * Entity insight Item. */ +@added(Versions.v2025_10_01_preview) model EntityInsightItem { /** * The query id of the insight @@ -5444,6 +5517,7 @@ model EntityInsightItem { /** * The Time interval that the query actually executed on. */ +@added(Versions.v2025_10_01_preview) model EntityInsightItemQueryTimeInterval { /** * Insight query start time @@ -5461,6 +5535,7 @@ model EntityInsightItemQueryTimeInterval { /** * Query results for table insights query. */ +@added(Versions.v2025_10_01_preview) model InsightsTableResult { /** * Columns Metadata of the table @@ -5476,6 +5551,7 @@ model InsightsTableResult { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InsightsTableResultColumnsItem { /** * the type of the column @@ -5491,6 +5567,7 @@ model InsightsTableResultColumnsItem { /** * List of all the entity queries. */ +@added(Versions.v2025_10_01_preview) model EntityQueryList is Azure.Core.Page; /** @@ -5498,6 +5575,7 @@ model EntityQueryList is Azure.Core.Page; */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @discriminator("kind") +@added(Versions.v2025_10_01_preview) model CustomEntityQuery extends ResourceWithEtag { /** * the entity query kind @@ -5508,17 +5586,20 @@ model CustomEntityQuery extends ResourceWithEtag { /** * List of all the entity query templates. */ +@added(Versions.v2025_10_01_preview) model EntityQueryTemplateList is Azure.Core.Page; /** * List all the file imports. */ +@added(Versions.v2025_10_01_preview) model FileImportList is Azure.Core.Page; /** * Describes the FileImport's properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model FileImportProperties { /** * Describes how to ingest the records in the file. @@ -5605,6 +5686,7 @@ model FileImportProperties { /** * Represents a file. */ +@added(Versions.v2025_10_01_preview) model FileMetadata { /** * The format of the file @@ -5637,6 +5719,7 @@ model FileMetadata { /** * Describes an error encountered in the file during validation. */ +@added(Versions.v2025_10_01_preview) model ValidationError { /** * The number of the record that has the error. @@ -5653,12 +5736,14 @@ model ValidationError { /** * List all the hunts. */ +@added(Versions.v2025_10_01_preview) model HuntList is Azure.Core.Page; /** * Describes hunt properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model HuntProperties { /** * The display name of the hunt @@ -5704,6 +5789,7 @@ model HuntProperties { /** * Describes a user that the hunt is assigned to */ +@added(Versions.v2025_10_01_preview) model HuntOwner { /** * The email of the user the hunt is assigned to. @@ -5735,12 +5821,14 @@ model HuntOwner { /** * List of all the hunt relations */ +@added(Versions.v2025_10_01_preview) model HuntRelationList is Azure.Core.Page; /** * Describes hunt relation properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model HuntRelationProperties { /** * The id of the related resource @@ -5774,12 +5862,14 @@ model HuntRelationProperties { /** * List of all hunt comments */ +@added(Versions.v2025_10_01_preview) model HuntCommentList is Azure.Core.Page; /** * Describes a hunt comment properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model HuntCommentProperties { /** * The message for the comment @@ -6024,6 +6114,7 @@ model IncidentAdditionalData { /** * Describes team information */ +@added(Versions.v2025_10_01_preview) model TeamInformation { /** * Team ID @@ -6708,12 +6799,14 @@ model MetadataPropertiesPatch { /** * List of all the office365 consents. */ +@added(Versions.v2025_10_01_preview) model OfficeConsentList is Azure.Core.Page; /** * Consent property bag. */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeConsentProperties { /** * The tenantId of the Office365 with the consent. @@ -6801,12 +6894,14 @@ model OperationDisplay { /** * A list of recommendations */ +@added(Versions.v2025_10_01_preview) model RecommendationList is Azure.Core.Page; /** * Recommendation properties object. */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model RecommendationProperties { /** * Id of the recommendation type. @@ -6869,6 +6964,7 @@ model RecommendationProperties { /** * What suggestions should be taken to complete the recommendation. */ +@added(Versions.v2025_10_01_preview) model RecommendedSuggestion { /** * Id of the suggestion type. @@ -6901,6 +6997,7 @@ model RecommendedSuggestion { /** * Recommendation Fields to update. */ +@added(Versions.v2025_10_01_preview) model RecommendationPatch { /** * Recommendation Fields Properties to update. @@ -6911,6 +7008,7 @@ model RecommendationPatch { /** * Recommendation Fields Properties to update. */ +@added(Versions.v2025_10_01_preview) model RecommendationPatchProperties { /** * State of the recommendation. @@ -6921,6 +7019,7 @@ model RecommendationPatchProperties { /** * Reevaluate response object. */ +@added(Versions.v2025_10_01_preview) model ReevaluateResponse { /** * The time stamp (UTC) when the recommendation was last evaluated. @@ -6939,6 +7038,7 @@ model SecurityMLAnalyticsSettingsList /** * List of all the settings. */ +@added(Versions.v2025_10_01_preview) model SettingList is Azure.Core.Page; /** @@ -7811,6 +7911,7 @@ model ThreatIntelligenceAppendTags { /** * Represents a query to run on the TI objects in the workspace. */ +@added(Versions.v2025_10_01_preview) model CountQuery { /** * Query properties @@ -7821,6 +7922,7 @@ model CountQuery { /** * Describes the query properties */ +@added(Versions.v2025_10_01_preview) model QueryProperties { /** * Represents a condition used to query for TI objects. @@ -7831,6 +7933,7 @@ model QueryProperties { /** * Represents a condition used to query for TI objects. */ +@added(Versions.v2025_10_01_preview) model ConditionProperties { /** * The STIX type for the objects returned by this query. @@ -7854,6 +7957,7 @@ model ConditionProperties { /** * Represents a single clause to be evaluated by a NormalizedCondition. */ +@added(Versions.v2025_10_01_preview) model ConditionClause { /** * The connective used to join all values in this ConditionClause @@ -7880,6 +7984,7 @@ model ConditionClause { /** * Count of all the threat intelligence objects on the workspace that match the provided query. */ +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceCount { /** * Count of all the threat intelligence objects on the workspace that match the provided query. @@ -7891,6 +7996,7 @@ model ThreatIntelligenceCount { /** * Represents a query to run on the TI objects in the workspace. */ +@added(Versions.v2025_10_01_preview) model Query { /** * Represents a condition used to query for TI objects. @@ -7916,6 +8022,7 @@ model Query { /** * Represents a condition used to query for TI objects. */ +@added(Versions.v2025_10_01_preview) model QueryCondition { /** * The STIX type for the objects returned by this query. @@ -7937,6 +8044,7 @@ model QueryCondition { /** * Specifies how to sort the query results. */ +@added(Versions.v2025_10_01_preview) model QuerySortBy { /** * The direction to sort the results by. @@ -7952,6 +8060,7 @@ model QuerySortBy { /** * List all the threat intelligence objects on the workspace that match the provided query. */ +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceList is Azure.Core.Page; /** @@ -7960,6 +8069,7 @@ model ThreatIntelligenceList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @discriminator("kind") +@added(Versions.v2025_10_01_preview) model TIObject extends Azure.ResourceManager.CommonTypes.Resource { /** * The properties of the TI object @@ -7976,6 +8086,7 @@ model TIObject extends Azure.ResourceManager.CommonTypes.Resource { * Describes properties common to all threat intelligence objects */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TIObjectCommonProperties { /** * The core STIX object that this TI object represents. @@ -8046,6 +8157,7 @@ model TIObjectCommonProperties { /** * An object used to help follow relationships from this object to other STIX objects. */ +@added(Versions.v2025_10_01_preview) model RelationshipHint { #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" fieldName?: string; @@ -8056,6 +8168,7 @@ model RelationshipHint { /** * The triggered analytics rule run Properties */ +@added(Versions.v2025_10_01_preview) model TriggeredAnalyticsRuleRunProperties { // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@ -8083,11 +8196,13 @@ model TriggeredAnalyticsRuleRunProperties { /** * The triggered analytics rule run array */ +@added(Versions.v2025_10_01_preview) model TriggeredAnalyticsRuleRuns is Azure.Core.Page; /** * Analytics Rule Run Trigger request */ +@added(Versions.v2025_10_01_preview) model AnalyticsRuleRunTrigger { /** * The analytics Rule Run Trigger request @@ -8098,6 +8213,7 @@ model AnalyticsRuleRunTrigger { /** * The Analytics Rule Run Trigger properties */ +@added(Versions.v2025_10_01_preview) model AnalyticsRuleRunTriggerProperties { // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@ -8296,6 +8412,7 @@ model WatchlistItemProperties { /** * List of all the workspace manager assignments. */ +@added(Versions.v2025_10_01_preview) model WorkspaceManagerAssignmentList is Azure.Core.Page; @@ -8303,6 +8420,7 @@ model WorkspaceManagerAssignmentList * The workspace manager assignment properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model WorkspaceManagerAssignmentProperties { /** * The resource name of the workspace manager group targeted by the workspace manager assignment @@ -8332,6 +8450,7 @@ model WorkspaceManagerAssignmentProperties { /** * An entity describing a content item. */ +@added(Versions.v2025_10_01_preview) model AssignmentItem { /** * The resource id of the content item @@ -8342,11 +8461,13 @@ model AssignmentItem { /** * List of all the jobs */ +@added(Versions.v2025_10_01_preview) model JobList is Azure.Core.Page; /** * The job properties */ +@added(Versions.v2025_10_01_preview) model JobProperties { /** * The time the job completed @@ -8384,6 +8505,7 @@ model JobProperties { /** * An entity describing the publish status of a content item. */ +@added(Versions.v2025_10_01_preview) model JobItem { /** * The resource id of the content item @@ -8413,6 +8535,7 @@ model JobItem { /** * The error description for why a publication failed */ +@added(Versions.v2025_10_01_preview) model Error { /** * The member resource name for which the publication error occured @@ -8428,6 +8551,7 @@ model Error { /** * List all the workspace manager configurations for the workspace. */ +@added(Versions.v2025_10_01_preview) model WorkspaceManagerConfigurationList is Azure.Core.Page; @@ -8435,6 +8559,7 @@ model WorkspaceManagerConfigurationList * The workspace manager configuration properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model WorkspaceManagerConfigurationProperties { /** * The current mode of the workspace manager configuration @@ -8445,12 +8570,14 @@ model WorkspaceManagerConfigurationProperties { /** * List of all the workspace manager groups. */ +@added(Versions.v2025_10_01_preview) model WorkspaceManagerGroupList is Azure.Core.Page; /** * The workspace manager group properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model WorkspaceManagerGroupProperties { /** * The description of the workspace manager group @@ -8471,12 +8598,14 @@ model WorkspaceManagerGroupProperties { /** * List of workspace manager members */ +@added(Versions.v2025_10_01_preview) model WorkspaceManagerMembersList is Azure.Core.Page; /** * The workspace manager member properties */ #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model WorkspaceManagerMemberProperties { /** * Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager @@ -8555,6 +8684,7 @@ model AlertRuleTemplatePropertiesBase { * Alert rule template with MITRE property bag. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model AlertRuleTemplateWithMitreProperties extends AlertRuleTemplatePropertiesBase { /** @@ -8571,6 +8701,7 @@ model AlertRuleTemplateWithMitreProperties /** * Query based alert rule template base property bag. */ +@added(Versions.v2025_10_01_preview) model QueryBasedAlertRuleTemplateProperties { /** * The query that creates alerts for this rule. @@ -8706,6 +8837,7 @@ model EventGroupingSettings { /** * A single sentinel entity mapping */ +@added(Versions.v2025_10_01_preview) model SentinelEntityMapping { /** * the column name to be mapped to the SentinelEntities @@ -8717,6 +8849,7 @@ model SentinelEntityMapping { * Represents MLBehaviorAnalytics alert rule. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MLBehaviorAnalyticsAlertRule extends AlertRule { /** * MLBehaviorAnalytics alert rule properties @@ -8734,6 +8867,7 @@ model MLBehaviorAnalyticsAlertRule extends AlertRule { * MLBehaviorAnalytics alert rule base property bag. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MLBehaviorAnalyticsAlertRuleProperties { /** * The Name of the alert rule template used to create this rule. @@ -8794,6 +8928,7 @@ model MLBehaviorAnalyticsAlertRuleProperties { * Represents MLBehaviorAnalytics alert rule template. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate { /** * MLBehaviorAnalytics alert rule template properties. @@ -8812,6 +8947,7 @@ model MLBehaviorAnalyticsAlertRuleTemplate extends AlertRuleTemplate { */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MLBehaviorAnalyticsAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties { /** @@ -8908,6 +9044,7 @@ model FusionAlertRuleProperties { /** * Represents a supported source signal configuration in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionSourceSettings { /** * Determines whether this source signal is enabled or disabled in Fusion detection. @@ -8929,6 +9066,7 @@ model FusionSourceSettings { /** * Represents a supported source subtype configuration under a source signal in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionSourceSubTypeSetting { /** * Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. @@ -8955,6 +9093,7 @@ model FusionSourceSubTypeSetting { /** * Represents severity configuration for a source subtype consumed in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionSubTypeSeverityFilter { /** * Determines whether this source subtype supports severity configuration or not. @@ -8972,6 +9111,7 @@ model FusionSubTypeSeverityFilter { /** * Represents a Severity filter setting for a given source subtype consumed in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionSubTypeSeverityFiltersItem { /** * The Severity for a given source subtype consumed in Fusion detection. @@ -8987,6 +9127,7 @@ model FusionSubTypeSeverityFiltersItem { /** * Represents a Fusion scenario exclusion patterns in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionScenarioExclusionPattern { /** * Scenario exclusion pattern. @@ -9091,6 +9232,7 @@ model FusionAlertRuleTemplateProperties { /** * Represents a source signal consumed in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionTemplateSourceSetting { /** * The name of a source signal consumed in Fusion detection. @@ -9107,6 +9249,7 @@ model FusionTemplateSourceSetting { /** * Represents a source subtype under a source signal consumed in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionTemplateSourceSubType { /** * The name of source subtype under a source signal consumed in Fusion detection. @@ -9128,6 +9271,7 @@ model FusionTemplateSourceSubType { /** * Represents severity configurations available for a source subtype consumed in Fusion detection. */ +@added(Versions.v2025_10_01_preview) model FusionTemplateSubTypeSeverityFilter { /** * Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. @@ -9143,6 +9287,7 @@ model FusionTemplateSubTypeSeverityFilter { /** * Represents Threat Intelligence alert rule. */ +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceAlertRule extends AlertRule { /** * Threat Intelligence alert rule properties @@ -9158,6 +9303,7 @@ model ThreatIntelligenceAlertRule extends AlertRule { /** * Threat Intelligence alert rule base property bag. */ +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceAlertRuleProperties { /** * The Name of the alert rule template used to create this rule. @@ -9216,6 +9362,7 @@ model ThreatIntelligenceAlertRuleProperties { /** * Represents Threat Intelligence alert rule template. */ +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate { /** * Threat Intelligence alert rule template properties @@ -9232,6 +9379,7 @@ model ThreatIntelligenceAlertRuleTemplate extends AlertRuleTemplate { * Threat Intelligence alert rule template properties */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model ThreatIntelligenceAlertRuleTemplateProperties extends AlertRuleTemplateWithMitreProperties { /** @@ -9546,6 +9694,7 @@ model ScheduledAlertRuleCommonProperties { /** * Nrt alert rule base property bag. */ +@added(Versions.v2025_10_01_preview) model NrtAlertRuleProperties { /** * The Name of the alert rule template used to create this rule. @@ -9791,6 +9940,7 @@ model ScheduledAlertRuleTemplate extends AlertRuleTemplate { /** * Represents NRT alert rule template. */ +@added(Versions.v2025_10_01_preview) model NrtAlertRuleTemplate extends AlertRuleTemplate { /** * NRT alert rule template properties @@ -9806,6 +9956,7 @@ model NrtAlertRuleTemplate extends AlertRuleTemplate { /** * NRT alert rule template properties */ +@added(Versions.v2025_10_01_preview) model NrtAlertRuleTemplateProperties { ...AlertRuleTemplateWithMitreProperties; ...QueryBasedAlertRuleTemplateProperties; @@ -9829,6 +9980,7 @@ model ScheduledAlertRule extends AlertRule { /** * Represents NRT alert rule. */ +@added(Versions.v2025_10_01_preview) model NrtAlertRule extends AlertRule { /** * NRT alert rule properties @@ -10058,6 +10210,7 @@ model PropertyConditionProperties extends AutomationRuleCondition { /** * Billing statistic about the Microsoft Sentinel solution for SAP Usage */ +@added(Versions.v2025_10_01_preview) model SapSolutionUsageStatistic extends BillingStatistic { /** * The SAP solution usage object @@ -10073,6 +10226,7 @@ model SapSolutionUsageStatistic extends BillingStatistic { /** * Properties of the billing statistic about the Microsoft Sentinel solution for SAP usage */ +@added(Versions.v2025_10_01_preview) model SapSolutionUsageStatisticProperties { /** * The latest count of active SAP system IDs under the Microsoft Sentinel solution for SAP Usage @@ -10424,6 +10578,7 @@ model CustomizableConnectionsConfig { * Represents AADIP (Azure Active Directory Identity Protection) requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model AADCheckRequirements extends DataConnectorsCheckRequirements { /** * AADIP (Azure Active Directory Identity Protection) requirements check properties. @@ -10442,6 +10597,7 @@ model AADCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model AADCheckRequirementsProperties extends DataConnectorTenantId {} /** @@ -10457,6 +10613,7 @@ model DataConnectorTenantId { /** * Represents AATP (Azure Advanced Threat Protection) requirements check request. */ +@added(Versions.v2025_10_01_preview) model AatpCheckRequirements extends DataConnectorsCheckRequirements { /** * AATP (Azure Advanced Threat Protection) requirements check properties. @@ -10474,12 +10631,14 @@ model AatpCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model AatpCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents ASC (Azure Security Center) requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model ASCCheckRequirements extends DataConnectorsCheckRequirements { /** * ASC (Azure Security Center) requirements check properties. @@ -10496,6 +10655,7 @@ model ASCCheckRequirements extends DataConnectorsCheckRequirements { * ASC (Azure Security Center) requirements check properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model ASCCheckRequirementsProperties { /** * The subscription id to connect to, and get the data from. @@ -10506,6 +10666,7 @@ model ASCCheckRequirementsProperties { /** * Amazon Web Services CloudTrail requirements check request. */ +@added(Versions.v2025_10_01_preview) model AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequirements { /** * Describes the kind of connector to be checked. @@ -10516,6 +10677,7 @@ model AwsCloudTrailCheckRequirements extends DataConnectorsCheckRequirements { /** * Amazon Web Services S3 requirements check request. */ +@added(Versions.v2025_10_01_preview) model AwsS3CheckRequirements extends DataConnectorsCheckRequirements { /** * Describes the kind of connector to be checked. @@ -10526,6 +10688,7 @@ model AwsS3CheckRequirements extends DataConnectorsCheckRequirements { /** * Represents Dynamics365 requirements check request. */ +@added(Versions.v2025_10_01_preview) model Dynamics365CheckRequirements extends DataConnectorsCheckRequirements { /** * Dynamics365 requirements check properties. @@ -10543,11 +10706,13 @@ model Dynamics365CheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Dynamics365CheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MCAS (Microsoft Cloud App Security) requirements check request. */ +@added(Versions.v2025_10_01_preview) model McasCheckRequirements extends DataConnectorsCheckRequirements { /** * MCAS (Microsoft Cloud App Security) requirements check properties. @@ -10565,11 +10730,13 @@ model McasCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model McasCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ +@added(Versions.v2025_10_01_preview) model MdatpCheckRequirements extends DataConnectorsCheckRequirements { /** * MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. @@ -10587,11 +10754,13 @@ model MdatpCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MdatpCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents Microsoft Threat Intelligence requirements check request. */ +@added(Versions.v2025_10_01_preview) model MstiCheckRequirements extends DataConnectorsCheckRequirements { /** * Microsoft Threat Intelligence requirements check properties. @@ -10609,11 +10778,13 @@ model MstiCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MstiCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MTP (Microsoft Threat Protection) requirements check request. */ +@added(Versions.v2025_10_01_preview) model MtpCheckRequirements extends DataConnectorsCheckRequirements { /** * MTP (Microsoft Threat Protection) requirements check properties. @@ -10632,12 +10803,14 @@ model MtpCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeATPCheckRequirements extends DataConnectorsCheckRequirements { /** * OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. @@ -10656,12 +10829,14 @@ model OfficeATPCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeATPCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeIRMCheckRequirements extends DataConnectorsCheckRequirements { /** * OfficeIRM (Microsoft Insider Risk Management) requirements check properties. @@ -10680,11 +10855,13 @@ model OfficeIRMCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeIRMCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MicrosoftPurviewInformationProtection requirements check request. */ +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionCheckRequirements extends DataConnectorsCheckRequirements { /** @@ -10703,12 +10880,14 @@ model MicrosoftPurviewInformationProtectionCheckRequirements */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents Office365 Project requirements check request. */ +@added(Versions.v2025_10_01_preview) model Office365ProjectCheckRequirements extends DataConnectorsCheckRequirements { /** @@ -10727,6 +10906,7 @@ model Office365ProjectCheckRequirements */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Office365ProjectCheckRequirementsProperties extends DataConnectorTenantId {} @@ -10734,6 +10914,7 @@ model Office365ProjectCheckRequirementsProperties * Represents Office PowerBI requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBICheckRequirements extends DataConnectorsCheckRequirements { /** * Office Power BI requirements check properties. @@ -10752,11 +10933,13 @@ model OfficePowerBICheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBICheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents PurviewAudit requirements check request. */ +@added(Versions.v2025_10_01_preview) model PurviewAuditCheckRequirements extends DataConnectorsCheckRequirements { /** * PurviewAudit requirements check properties. @@ -10774,12 +10957,14 @@ model PurviewAuditCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model PurviewAuditCheckRequirementsProperties extends DataConnectorTenantId {} /** * Threat Intelligence Platforms data connector check requirements */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TICheckRequirements extends DataConnectorsCheckRequirements { /** * Threat Intelligence Platforms data connector check required properties @@ -10798,11 +10983,13 @@ model TICheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TICheckRequirementsProperties extends DataConnectorTenantId {} /** * Threat Intelligence TAXII data connector check requirements */ +@added(Versions.v2025_10_01_preview) model TiTaxiiCheckRequirements extends DataConnectorsCheckRequirements { /** * Threat Intelligence TAXII check required properties. @@ -10820,12 +11007,14 @@ model TiTaxiiCheckRequirements extends DataConnectorsCheckRequirements { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TiTaxiiCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents IoT requirements check request. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model IoTCheckRequirements extends DataConnectorsCheckRequirements { /** * IoT requirements check properties. @@ -10842,6 +11031,7 @@ model IoTCheckRequirements extends DataConnectorsCheckRequirements { * IoT requirements check properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model IoTCheckRequirementsProperties { /** * The subscription id to connect to, and get the data from. @@ -11013,6 +11203,7 @@ model PremiumMdtiDataConnectorDataTypesConnector * Represents MTP (Microsoft Threat Protection) data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPDataConnector extends DataConnector { /** * MTP (Microsoft Threat Protection) data connector properties. @@ -11030,6 +11221,7 @@ model MTPDataConnector extends DataConnector { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. @@ -11046,6 +11238,7 @@ model MTPDataConnectorProperties extends DataConnectorTenantId { * The available data types for Microsoft Threat Protection Platforms data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPDataConnectorDataTypes { /** * Incidents data type for Microsoft Threat Protection Platforms data connector. @@ -11064,6 +11257,7 @@ model MTPDataConnectorDataTypes { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon {} /** @@ -11072,11 +11266,13 @@ model MTPDataConnectorDataTypesIncidents extends DataConnectorDataTypeCommon {} #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MTPDataConnectorDataTypesAlerts extends DataConnectorDataTypeCommon {} /** * Represents the connector's Filtered providers */ +@added(Versions.v2025_10_01_preview) model MtpFilteredProviders { /** * Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state. @@ -11188,6 +11384,7 @@ model AwsCloudTrailDataConnectorDataTypesLogs /** * Represents Amazon Web Services S3 data connector. */ +@added(Versions.v2025_10_01_preview) model AwsS3DataConnector extends DataConnector { /** * Amazon Web Services S3 data connector properties. @@ -11203,6 +11400,7 @@ model AwsS3DataConnector extends DataConnector { /** * Amazon Web Services S3 data connector properties. */ +@added(Versions.v2025_10_01_preview) model AwsS3DataConnectorProperties { /** * The logs destination table name in LogAnalytics. @@ -11228,6 +11426,7 @@ model AwsS3DataConnectorProperties { /** * The available data types for Amazon Web Services S3 data connector. */ +@added(Versions.v2025_10_01_preview) model AwsS3DataConnectorDataTypes { /** * Logs data type. @@ -11240,6 +11439,7 @@ model AwsS3DataConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model AwsS3DataConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} /** @@ -11655,6 +11855,7 @@ model RestApiPollerRequestPagingCountBaseConfig * Represents Google Cloud Platform data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model GCPDataConnector extends DataConnector { /** * Google Cloud Platform data connector properties. @@ -11671,6 +11872,7 @@ model GCPDataConnector extends DataConnector { * Google Cloud Platform data connector properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model GCPDataConnectorProperties { /** * The name of the connector definition that represents the UI config. @@ -11697,6 +11899,7 @@ model GCPDataConnectorProperties { * Google Cloud Platform auth section properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model GCPAuthProperties { /** * The service account that is used to access the GCP project. @@ -11718,6 +11921,7 @@ model GCPAuthProperties { * Google Cloud Platform request section properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model GCPRequestProperties { /** * The GCP project id. @@ -12158,6 +12362,7 @@ model MCASDataConnectorDataTypes extends AlertsDataTypeOfDataConnector { /** * Represents Dynamics365 data connector. */ +@added(Versions.v2025_10_01_preview) model Dynamics365DataConnector extends DataConnector { /** * Dynamics365 data connector properties. @@ -12174,6 +12379,7 @@ model Dynamics365DataConnector extends DataConnector { * Dynamics365 data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Dynamics365DataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. @@ -12184,6 +12390,7 @@ model Dynamics365DataConnectorProperties extends DataConnectorTenantId { /** * The available data types for Dynamics365 data connector. */ +@added(Versions.v2025_10_01_preview) model Dynamics365DataConnectorDataTypes { /** * Common Data Service data type connection. @@ -12196,6 +12403,7 @@ model Dynamics365DataConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Dynamics365DataConnectorDataTypesDynamics365CdsActivities extends DataConnectorDataTypeCommon {} @@ -12203,6 +12411,7 @@ model Dynamics365DataConnectorDataTypesDynamics365CdsActivities * Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeATPDataConnector extends DataConnector { /** * OfficeATP (Office 365 Advanced Threat Protection) data connector properties. @@ -12219,6 +12428,7 @@ model OfficeATPDataConnector extends DataConnector { * OfficeATP (Office 365 Advanced Threat Protection) data connector properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeATPDataConnectorProperties { ...DataConnectorTenantId; ...DataConnectorWithAlertsProperties; @@ -12227,6 +12437,7 @@ model OfficeATPDataConnectorProperties { /** * Represents Microsoft Purview Information Protection data connector. */ +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionDataConnector extends DataConnector { /** * Microsoft Purview Information Protection data connector properties. @@ -12243,6 +12454,7 @@ model MicrosoftPurviewInformationProtectionDataConnector extends DataConnector { * Microsoft Purview Information Protection data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionDataConnectorProperties extends DataConnectorTenantId { /** @@ -12254,6 +12466,7 @@ model MicrosoftPurviewInformationProtectionDataConnectorProperties /** * The available data types for Microsoft Purview Information Protection data connector. */ +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionConnectorDataTypes { /** * Logs data type. @@ -12266,12 +12479,14 @@ model MicrosoftPurviewInformationProtectionConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model MicrosoftPurviewInformationProtectionConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} /** * Represents Office Microsoft Project data connector. */ +@added(Versions.v2025_10_01_preview) model Office365ProjectDataConnector extends DataConnector { /** * Office Microsoft Project data connector properties. @@ -12288,6 +12503,7 @@ model Office365ProjectDataConnector extends DataConnector { * Office Microsoft Project data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Office365ProjectDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. @@ -12298,6 +12514,7 @@ model Office365ProjectDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for Office Microsoft Project data connector. */ +@added(Versions.v2025_10_01_preview) model Office365ProjectConnectorDataTypes { /** * Logs data type. @@ -12310,12 +12527,14 @@ model Office365ProjectConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Office365ProjectConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} /** * Represents Office Microsoft PowerBI data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBIDataConnector extends DataConnector { /** * Office Microsoft PowerBI data connector properties. @@ -12333,6 +12552,7 @@ model OfficePowerBIDataConnector extends DataConnector { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBIDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. @@ -12344,6 +12564,7 @@ model OfficePowerBIDataConnectorProperties extends DataConnectorTenantId { * The available data types for Office Microsoft PowerBI data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBIConnectorDataTypes { /** * Logs data type. @@ -12357,11 +12578,13 @@ model OfficePowerBIConnectorDataTypes { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficePowerBIConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} /** * Represents PurviewAudit data connector. */ +@added(Versions.v2025_10_01_preview) model PurviewAuditDataConnector extends DataConnector { /** * PurviewAudit data connector properties. @@ -12378,6 +12601,7 @@ model PurviewAuditDataConnector extends DataConnector { * PurviewAudit data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model PurviewAuditDataConnectorProperties extends DataConnectorTenantId { /** * The connector definition name (the dataConnectorDefinition resource id). @@ -12403,6 +12627,7 @@ model PurviewAuditDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for PurviewAudit data connector. */ +@added(Versions.v2025_10_01_preview) model PurviewAuditConnectorDataTypes { /** * Logs data type. @@ -12415,12 +12640,14 @@ model PurviewAuditConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model PurviewAuditConnectorDataTypesLogs extends DataConnectorDataTypeCommon {} /** * Represents OfficeIRM (Microsoft Insider Risk Management) data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeIRMDataConnector extends DataConnector { /** * OfficeIRM (Microsoft Insider Risk Management) data connector properties. @@ -12437,6 +12664,7 @@ model OfficeIRMDataConnector extends DataConnector { * OfficeIRM (Microsoft Insider Risk Management) data connector properties. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model OfficeIRMDataConnectorProperties { ...DataConnectorTenantId; ...DataConnectorWithAlertsProperties; @@ -12593,6 +12821,7 @@ model TIDataConnectorDataTypesIndicators extends DataConnectorDataTypeCommon {} /** * Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server */ +@added(Versions.v2025_10_01_preview) model TiTaxiiDataConnector extends DataConnector { /** * Threat intelligence TAXII data connector properties. @@ -12609,6 +12838,7 @@ model TiTaxiiDataConnector extends DataConnector { * Threat Intelligence TAXII data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TiTaxiiDataConnectorProperties extends DataConnectorTenantId { /** * The workspace id. @@ -12663,6 +12893,7 @@ model TiTaxiiDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for Threat Intelligence TAXII data connector. */ +@added(Versions.v2025_10_01_preview) model TiTaxiiDataConnectorDataTypes { /** * Data type for TAXII connector. @@ -12675,6 +12906,7 @@ model TiTaxiiDataConnectorDataTypes { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model TiTaxiiDataConnectorDataTypesTaxiiClient extends DataConnectorDataTypeCommon {} @@ -12682,6 +12914,7 @@ model TiTaxiiDataConnectorDataTypesTaxiiClient * Represents IoT data connector. */ #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model IoTDataConnector extends DataConnector { /** * IoT data connector properties. @@ -12699,6 +12932,7 @@ model IoTDataConnector extends DataConnector { */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/casing-style" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model IoTDataConnectorProperties extends DataConnectorWithAlertsProperties { /** * The subscription id to connect to, and get the data from. @@ -12709,6 +12943,7 @@ model IoTDataConnectorProperties extends DataConnectorWithAlertsProperties { /** * Represents Codeless UI data connector. */ +@added(Versions.v2025_10_01_preview) model CodelessUiDataConnector extends DataConnector { /** * Codeless UI data connector properties @@ -12724,6 +12959,7 @@ model CodelessUiDataConnector extends DataConnector { /** * Represents Codeless UI data connector */ +@added(Versions.v2025_10_01_preview) model CodelessParameters { /** * Config to describe the instructions blade @@ -12734,6 +12970,7 @@ model CodelessParameters { /** * Config to describe the instructions blade */ +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigProperties { /** * Connector blade title @@ -12804,12 +13041,14 @@ model CodelessUiConnectorConfigProperties { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigPropertiesGraphQueriesItem extends GraphQueries {} /** * The graph query to show the current data status */ +@added(Versions.v2025_10_01_preview) model GraphQueries { /** * the metric that the query is checking @@ -12830,12 +13069,14 @@ model GraphQueries { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigPropertiesSampleQueriesItem extends SampleQueries {} /** * The sample queries for the connector */ +@added(Versions.v2025_10_01_preview) model SampleQueries { /** * The sample query description @@ -12851,12 +13092,14 @@ model SampleQueries { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigPropertiesDataTypesItem extends LastDataReceivedDataType {} /** * Data type for last data received */ +@added(Versions.v2025_10_01_preview) model LastDataReceivedDataType { /** * Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder @@ -12872,12 +13115,14 @@ model LastDataReceivedDataType { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem extends ConnectivityCriteria {} /** * Setting for the connector check connectivity */ +@added(Versions.v2025_10_01_preview) model ConnectivityCriteria { /** * type of connectivity @@ -12893,6 +13138,7 @@ model ConnectivityCriteria { /** * Connector Availability Status */ +@added(Versions.v2025_10_01_preview) model Availability { /** * The connector Availability Status @@ -12908,6 +13154,7 @@ model Availability { /** * Permissions required for the connector */ +@added(Versions.v2025_10_01_preview) model Permissions { /** * Resource provider permissions required for the connector @@ -12925,11 +13172,13 @@ model Permissions { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model PermissionsResourceProviderItem extends ResourceProvider {} /** * Resource provider permissions required for the connector */ +@added(Versions.v2025_10_01_preview) model ResourceProvider { /** * Provider name @@ -12960,6 +13209,7 @@ model ResourceProvider { /** * Required permissions for the connector */ +@added(Versions.v2025_10_01_preview) model RequiredPermissions { /** * action permission @@ -12985,6 +13235,7 @@ model RequiredPermissions { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model PermissionsCustomsItem extends Customs {} /** @@ -12992,11 +13243,13 @@ model PermissionsCustomsItem extends Customs {} */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model Customs extends CustomsPermission {} /** * Customs permissions required for the connector */ +@added(Versions.v2025_10_01_preview) model CustomsPermission { /** * Customs permissions name @@ -13012,12 +13265,14 @@ model CustomsPermission { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model CodelessUiConnectorConfigPropertiesInstructionStepsItem extends InstructionSteps {} /** * Instruction steps to enable the connector */ +@added(Versions.v2025_10_01_preview) model InstructionSteps { /** * Instruction step title @@ -13039,11 +13294,13 @@ model InstructionSteps { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InstructionStepsInstructionsItem extends ConnectorInstructionModelBase {} /** * Instruction step details */ +@added(Versions.v2025_10_01_preview) model ConnectorInstructionModelBase { /** * The parameters for the setting @@ -13060,6 +13317,7 @@ model ConnectorInstructionModelBase { /** * Represents Codeless API Polling data connector. */ +@added(Versions.v2025_10_01_preview) model CodelessApiPollingDataConnector extends DataConnector { /** * Codeless poling data connector properties @@ -13075,6 +13333,7 @@ model CodelessApiPollingDataConnector extends DataConnector { /** * Represents Codeless API Polling data connector */ +@added(Versions.v2025_10_01_preview) model ApiPollingParameters { /** * Config to describe the instructions blade @@ -13090,6 +13349,7 @@ model ApiPollingParameters { /** * Config to describe the polling config for API poller connector */ +@added(Versions.v2025_10_01_preview) model CodelessConnectorPollingConfigProperties { /** * The poller active status @@ -13120,6 +13380,7 @@ model CodelessConnectorPollingConfigProperties { /** * Describe the authentication properties needed to successfully authenticate with the server */ +@added(Versions.v2025_10_01_preview) model CodelessConnectorPollingAuthProperties { /** * The authentication type @@ -13193,6 +13454,7 @@ model CodelessConnectorPollingAuthProperties { /** * Describe the request properties needed to successfully pull from the server */ +@added(Versions.v2025_10_01_preview) model CodelessConnectorPollingRequestProperties { /** * Describe the endpoint we should pull the data from @@ -13260,6 +13522,7 @@ model CodelessConnectorPollingRequestProperties { /** * Describe the properties needed to make a pagination call */ +@added(Versions.v2025_10_01_preview) model CodelessConnectorPollingPagingProperties { /** * Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' @@ -13310,6 +13573,7 @@ model CodelessConnectorPollingPagingProperties { /** * Describes the response from the external server */ +@added(Versions.v2025_10_01_preview) model CodelessConnectorPollingResponseProperties { /** * Describes the path we should extract the data in the response @@ -13335,6 +13599,7 @@ model CodelessConnectorPollingResponseProperties { /** * Represents Activity timeline item. */ +@added(Versions.v2025_10_01_preview) model ActivityTimelineItem extends EntityTimelineItem { /** * The activity query id. @@ -13388,6 +13653,7 @@ model ActivityTimelineItem extends EntityTimelineItem { /** * Represents bookmark timeline item. */ +@added(Versions.v2025_10_01_preview) model BookmarkTimelineItem extends EntityTimelineItem { /** * The bookmark azure resource id. @@ -13441,6 +13707,7 @@ model BookmarkTimelineItem extends EntityTimelineItem { /** * Represents anomaly timeline item. */ +@added(Versions.v2025_10_01_preview) model AnomalyTimelineItem extends EntityTimelineItem { /** * The anomaly azure resource id. @@ -13509,6 +13776,7 @@ model AnomalyTimelineItem extends EntityTimelineItem { /** * An properties abstract Query item for entity */ +@added(Versions.v2025_10_01_preview) model EntityQueryItemProperties { /** * Data types for template @@ -13535,6 +13803,7 @@ model EntityQueryItemProperties { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model EntityQueryItemPropertiesDataTypesItem { /** * Data type name @@ -13545,6 +13814,7 @@ model EntityQueryItemPropertiesDataTypesItem { /** * Represents Insight Query. */ +@added(Versions.v2025_10_01_preview) model InsightQueryItem extends EntityQueryItem { /** * Properties bag for InsightQueryItem @@ -13561,6 +13831,7 @@ model InsightQueryItem extends EntityQueryItem { * Represents Insight Query. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InsightQueryItemProperties extends EntityQueryItemProperties { /** * The insight display name. @@ -13607,6 +13878,7 @@ model InsightQueryItemProperties extends EntityQueryItemProperties { /** * The insight table query. */ +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesTableQuery { /** * List of insight column definitions. @@ -13622,6 +13894,7 @@ model InsightQueryItemPropertiesTableQuery { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { /** * Insight column header. @@ -13640,6 +13913,7 @@ model InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { /** * Insight column header. @@ -13664,6 +13938,7 @@ model InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem { /** * Insight Link Definition Projected Name. @@ -13680,6 +13955,7 @@ model InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem /** * The activity query definitions. */ +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesAdditionalQuery { /** * The insight query. @@ -13695,6 +13971,7 @@ model InsightQueryItemPropertiesAdditionalQuery { /** * The insight chart query. */ +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesDefaultTimeRange { /** * The padding for the start time of the query. @@ -13710,6 +13987,7 @@ model InsightQueryItemPropertiesDefaultTimeRange { /** * The insight chart query. */ +@added(Versions.v2025_10_01_preview) model InsightQueryItemPropertiesReferenceTimeRange { /** * Additional query time for looking back. @@ -13720,6 +13998,7 @@ model InsightQueryItemPropertiesReferenceTimeRange { /** * Represents security alert timeline item. */ +@added(Versions.v2025_10_01_preview) model SecurityAlertTimelineItem extends EntityTimelineItem { /** * The alert azure resource id. @@ -13789,6 +14068,7 @@ model SecurityAlertTimelineItem extends EntityTimelineItem { /** * Represents Expansion entity query. */ +@added(Versions.v2025_10_01_preview) model ExpansionEntityQuery extends EntityQuery { /** * Expansion entity query properties @@ -13804,6 +14084,7 @@ model ExpansionEntityQuery extends EntityQuery { /** * Describes expansion entity query properties */ +@added(Versions.v2025_10_01_preview) model ExpansionEntityQueriesProperties { /** * List of the data sources that are required to run the query @@ -13839,6 +14120,7 @@ model ExpansionEntityQueriesProperties { /** * Represents Activity entity query. */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQuery extends EntityQuery { /** * Activity entity query properties @@ -13854,6 +14136,7 @@ model ActivityEntityQuery extends EntityQuery { /** * Describes activity entity query properties */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQueriesProperties { /** * The entity query title @@ -13920,6 +14203,7 @@ model ActivityEntityQueriesProperties { /** * The Activity query definitions */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQueriesPropertiesQueryDefinitions { /** * The Activity query to run on a given entity @@ -13930,6 +14214,7 @@ model ActivityEntityQueriesPropertiesQueryDefinitions { /** * Represents Activity entity query. */ +@added(Versions.v2025_10_01_preview) model ActivityCustomEntityQuery extends CustomEntityQuery { /** * Activity entity query properties @@ -13945,6 +14230,7 @@ model ActivityCustomEntityQuery extends CustomEntityQuery { /** * Represents Activity entity query. */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQueryTemplate extends EntityQueryTemplate { /** * Activity entity query properties @@ -13960,6 +14246,7 @@ model ActivityEntityQueryTemplate extends EntityQueryTemplate { /** * Describes activity entity query properties */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQueryTemplateProperties { /** * The entity query title @@ -14008,6 +14295,7 @@ model ActivityEntityQueryTemplateProperties { /** * The Activity query definitions */ +@added(Versions.v2025_10_01_preview) model ActivityEntityQueryTemplatePropertiesQueryDefinitions { /** * The Activity query to run on a given entity @@ -14023,6 +14311,7 @@ model ActivityEntityQueryTemplatePropertiesQueryDefinitions { /** * The data type definition */ +@added(Versions.v2025_10_01_preview) model DataTypeDefinitions { /** * The data type name @@ -14033,6 +14322,7 @@ model DataTypeDefinitions { /** * Describes team properties */ +@added(Versions.v2025_10_01_preview) model TeamProperties { /** * The name of the team @@ -14170,6 +14460,7 @@ model SecurityMLAnalyticsSettingsDataSource { /** * Settings with single toggle. */ +@added(Versions.v2025_10_01_preview) model Anomalies extends Settings { /** * Anomalies properties @@ -14185,6 +14476,7 @@ model Anomalies extends Settings { /** * Anomalies property bag. */ +@added(Versions.v2025_10_01_preview) model AnomaliesSettingsProperties { /** * Determines whether the setting is enable or disabled. @@ -14196,6 +14488,7 @@ model AnomaliesSettingsProperties { /** * Settings with single toggle. */ +@added(Versions.v2025_10_01_preview) model EyesOn extends Settings { /** * EyesOn properties @@ -14211,6 +14504,7 @@ model EyesOn extends Settings { /** * EyesOn property bag. */ +@added(Versions.v2025_10_01_preview) model EyesOnSettingsProperties { /** * Determines whether the setting is enable or disabled. @@ -14222,6 +14516,7 @@ model EyesOnSettingsProperties { /** * Settings with single toggle. */ +@added(Versions.v2025_10_01_preview) model EntityAnalytics extends Settings { /** * EntityAnalytics properties @@ -14237,6 +14532,7 @@ model EntityAnalytics extends Settings { /** * EntityAnalytics property bag. */ +@added(Versions.v2025_10_01_preview) model EntityAnalyticsProperties { /** * The relevant entity providers that are synced @@ -14247,6 +14543,7 @@ model EntityAnalyticsProperties { /** * Settings with single toggle. */ +@added(Versions.v2025_10_01_preview) model Ueba extends Settings { /** * Ueba properties @@ -14262,6 +14559,7 @@ model Ueba extends Settings { /** * Ueba property bag. */ +@added(Versions.v2025_10_01_preview) model UebaProperties { /** * The relevant data sources that enriched by ueba @@ -14272,6 +14570,7 @@ model UebaProperties { /** * Represents a threat actor in Azure Security Insights. */ +@added(Versions.v2025_10_01_preview) model ThreatActor extends TIObject { /** * The kind of the TI object @@ -14282,6 +14581,7 @@ model ThreatActor extends TIObject { /** * Represents an attack pattern in Azure Security Insights. */ +@added(Versions.v2025_10_01_preview) model AttackPattern extends TIObject { /** * The kind of the TI object @@ -14292,6 +14592,7 @@ model AttackPattern extends TIObject { /** * Represents an identity in Azure Security Insights. */ +@added(Versions.v2025_10_01_preview) model Identity extends TIObject { /** * The kind of the TI object @@ -14302,6 +14603,7 @@ model Identity extends TIObject { /** * Represents a relationship in Azure Security Insights. */ +@added(Versions.v2025_10_01_preview) model Relationship extends TIObject { /** * The kind of the TI object @@ -14312,6 +14614,7 @@ model Relationship extends TIObject { /** * Represents an indicator in Azure Security Insights. */ +@added(Versions.v2025_10_01_preview) model Indicator extends TIObject { /** * The observables of this indicator @@ -14328,6 +14631,7 @@ model Indicator extends TIObject { /** * An observable of this indicator */ +@added(Versions.v2025_10_01_preview) model IndicatorObservablesItem { /** * The type of the observable of this indicator @@ -15701,6 +16005,7 @@ model UrlEntityProperties extends EntityCommonProperties { /** * Represents an network interface entity. */ +@added(Versions.v2025_10_01_preview) model NicEntity extends Entity { /** * Network interface entity properties @@ -15717,6 +16022,7 @@ model NicEntity extends Entity { * Nic entity property bag. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) model NicEntityProperties extends EntityCommonProperties { /** * The MAC address of this network interface From c302e6411f61757c7f711a9cbee6110dd95668f6 Mon Sep 17 00:00:00 2001 From: Adi Megidish Date: Wed, 27 May 2026 14:24:39 +0300 Subject: [PATCH 03/38] Fix Entity versioning --- .../SecurityInsights/Entity.tsp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp index 0507c2a62562..c5ca64492683 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp @@ -32,12 +32,14 @@ interface Entities { * Gets an entity. */ @tag("Entities") + @added(Versions.v2025_10_01_preview) get is Extension.Read; /** * Gets all entities. */ @tag("Entities") + @added(Versions.v2025_10_01_preview) list is Extension.ListByTarget< workspaceExternalResource, Entity, @@ -67,6 +69,7 @@ interface Entities { * Expands an entity. */ @tag("Entities") + @added(Versions.v2025_10_01_preview) expand is Extension.ActionSync< workspaceExternalResource, Entity, @@ -81,6 +84,7 @@ interface Entities { @get @list @tag("Entities") + @added(Versions.v2025_10_01_preview) queries is Extension.ActionSync< workspaceExternalResource, Entity, @@ -100,6 +104,7 @@ interface Entities { * Execute Insights for an entity. */ @tag("Entities") + @added(Versions.v2025_10_01_preview) getInsights is Extension.ActionSync< workspaceExternalResource, Entity, @@ -115,6 +120,7 @@ interface Entities { @operationId("EntitiesGetTimeline_list") @action("getTimeline") @tag("Entities") + @added(Versions.v2025_10_01_preview) entitiesGetTimelineList is Extension.ActionSync< workspaceExternalResource, Entity, @@ -142,5 +148,3 @@ interface Entities { "The parameters required to execute an timeline operation on the given entity." ); -@@added(Entity, Versions.v2025_10_01_preview); -@@added(Entities, Versions.v2025_10_01_preview); From 717342f77280857beea507ae97ed4e35622a9a3d Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 1 Jun 2026 16:55:18 +0300 Subject: [PATCH 04/38] Versioning models.tsp --- .../SecurityInsights/back-compatible.tsp | 32 +-- .../SecurityInsights/models.tsp | 205 ++++++++++++++++-- 2 files changed, 198 insertions(+), 39 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp index 0995c9fd6a99..ff4e1d6e055a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp @@ -81,7 +81,7 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(AADCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(AatpCheckRequirements.properties); +@@Legacy.flattenProperty(AATPCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty(ASCCheckRequirements.properties); @@ -90,13 +90,13 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(Dynamics365CheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(McasCheckRequirements.properties); +@@Legacy.flattenProperty(MCASCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MdatpCheckRequirements.properties); +@@Legacy.flattenProperty(MDATPCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MstiCheckRequirements.properties); +@@Legacy.flattenProperty(MSTICheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty(MtpCheckRequirements.properties); @@ -134,7 +134,7 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(AADDataConnector.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MstiDataConnector.properties); +@@Legacy.flattenProperty(MSTIDataConnector.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty( @@ -693,24 +693,24 @@ using Microsoft.SecurityInsights; @@clientName(OutputType, "outputType"); @@clientName(JobItem, "jobItem"); -@@clientName(McasCheckRequirements, "MCASCheckRequirements"); +@@clientName(MCASCheckRequirements, "MCASCheckRequirements"); @@clientName( - McasCheckRequirementsProperties, + MCASCheckRequirementsProperties, "MCASCheckRequirementsProperties" ); -@@clientName(MdatpCheckRequirements, "MDATPCheckRequirements"); +@@clientName(MDATPCheckRequirements, "MDATPCheckRequirements"); @@clientName( - MdatpCheckRequirementsProperties, + MDATPCheckRequirementsProperties, "MDATPCheckRequirementsProperties" ); -@@clientName(MstiCheckRequirements, "MSTICheckRequirements"); +@@clientName(MSTICheckRequirements, "MSTICheckRequirements"); @@clientName( - MstiCheckRequirementsProperties, + MSTICheckRequirementsProperties, "MSTICheckRequirementsProperties" ); -@@clientName(MstiDataConnector, "MSTIDataConnector"); -@@clientName(MstiDataConnectorProperties, "MSTIDataConnectorProperties"); -@@clientName(MstiDataConnectorDataTypes, "MSTIDataConnectorDataTypes"); +@@clientName(MSTIDataConnector, "MSTIDataConnector"); +@@clientName(MSTIDataConnectorProperties, "MSTIDataConnectorProperties"); +@@clientName(MSTIDataConnectorDataTypes, "MSTIDataConnectorDataTypes"); @@clientName(AssignmentItem, "assignmentItem"); @@clientName(Error, "error"); @@clientName( @@ -722,9 +722,9 @@ using Microsoft.SecurityInsights; ThreatIntelligenceIndicatorOperationGroup.queryIndicators::parameters.body, "ThreatIntelligenceFilteringCriteria" ); -@@clientName(AatpCheckRequirements, "AATPCheckRequirements"); +@@clientName(AATPCheckRequirements, "AATPCheckRequirements"); @@clientName( - AatpCheckRequirementsProperties, + AATPCheckRequirementsProperties, "AATPCheckRequirementsProperties" ); @@clientName(BookmarkRelations.createOrUpdate::parameters.resource, "relation"); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index d610606c9ed0..66190f73af3b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -1,4 +1,4 @@ -import "@typespec/rest"; +import "@typespec/rest"; import "@typespec/http"; import "@azure-tools/typespec-azure-core"; import "@azure-tools/typespec-azure-resource-manager"; @@ -34,16 +34,19 @@ union AlertRuleKind { /** * MLBehaviorAnalytics */ + @added(Versions.v2025_10_01_preview) MLBehaviorAnalytics: "MLBehaviorAnalytics", /** * ThreatIntelligence */ + @added(Versions.v2025_10_01_preview) ThreatIntelligence: "ThreatIntelligence", /** * NRT */ + @added(Versions.v2025_10_01_preview) NRT: "NRT", } @@ -402,6 +405,7 @@ union EntityKindEnum { /** * Entity represents network interface in the system. */ + @added(Versions.v2025_10_01_preview) Nic: "Nic", } @@ -602,12 +606,31 @@ union Kind { /** * Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant. */ + @added(Versions.v2025_10_01_preview) CustomDetection: "CustomDetection", } +/** + * Operator used for list of dependencies in criteria array. + */ +union MetadataDependencyOperator { + string, + + /** + * AND + */ + AND: "AND", + + /** + * OR + */ + OR: "OR", +} + /** * Represents an operator in a ConditionClause. */ +@added(Versions.v2025_10_01_preview) union Operator { string, @@ -783,6 +806,7 @@ union DataConnectorKind { /** * ThreatIntelligenceTaxii */ + @added(Versions.v2025_10_01_preview) ThreatIntelligenceTaxii: "ThreatIntelligenceTaxii", /** @@ -793,26 +817,31 @@ union DataConnectorKind { /** * OfficeATP */ + @added(Versions.v2025_10_01_preview) OfficeATP: "OfficeATP", /** * OfficeIRM */ + @added(Versions.v2025_10_01_preview) OfficeIRM: "OfficeIRM", /** * Office365Project */ + @added(Versions.v2025_10_01_preview) Office365Project: "Office365Project", /** * MicrosoftPurviewInformationProtection */ + @added(Versions.v2025_10_01_preview) MicrosoftPurviewInformationProtection: "MicrosoftPurviewInformationProtection", /** * OfficePowerBI */ + @added(Versions.v2025_10_01_preview) OfficePowerBI: "OfficePowerBI", /** @@ -823,6 +852,7 @@ union DataConnectorKind { /** * AmazonWebServicesS3 */ + @added(Versions.v2025_10_01_preview) AmazonWebServicesS3: "AmazonWebServicesS3", /** @@ -838,11 +868,13 @@ union DataConnectorKind { /** * Dynamics365 */ + @added(Versions.v2025_10_01_preview) Dynamics365: "Dynamics365", /** * MicrosoftThreatProtection */ + @added(Versions.v2025_10_01_preview) MicrosoftThreatProtection: "MicrosoftThreatProtection", /** @@ -858,21 +890,25 @@ union DataConnectorKind { /** * GenericUI */ + @added(Versions.v2025_10_01_preview) GenericUI: "GenericUI", /** * APIPolling */ + @added(Versions.v2025_10_01_preview) APIPolling: "APIPolling", /** * IOT */ + @added(Versions.v2025_10_01_preview) IOT: "IOT", /** * GCP */ + @added(Versions.v2025_10_01_preview) GCP: "GCP", /** @@ -883,6 +919,7 @@ union DataConnectorKind { /** * PurviewAudit */ + @added(Versions.v2025_10_01_preview) PurviewAudit: "PurviewAudit", } @@ -1613,9 +1650,27 @@ union IncidentTaskStatus { Completed: "Completed", } +/** + * Status of the pull request. + */ +union PullRequestState { + string, + + /** + * Open + */ + Open: "Open", + + /** + * Closed + */ + Closed: "Closed", +} + /** * State of recommendation. */ +@added(Versions.v2025_10_01_preview) union State { string, @@ -1995,9 +2050,80 @@ union TIObjectKind { ThreatActor: "ThreatActor", } +/** + * The provisioning state of the watchlist + */ +union WatchlistProvisioningState { + string, + + /** + * New + */ + New: "New", + + /** + * InProgress + */ + InProgress: "InProgress", + + /** + * Uploading + */ + Uploading: "Uploading", + + /** + * Deleting + */ + Deleting: "Deleting", + + /** + * Succeeded + */ + Succeeded: "Succeeded", + + /** + * Failed + */ + Failed: "Failed", + + /** + * Canceled + */ + Canceled: "Canceled", +} + +/** + * The provisioning state of the workspace manager job + */ +@added(Versions.v2025_10_01_preview) +union JobProvisioningState { + string, + + /** + * Succeeded + */ + Succeeded: "Succeeded", + + /** + * InProgress + */ + InProgress: "InProgress", + + /** + * Canceled + */ + Canceled: "Canceled", + + /** + * Failed + */ + Failed: "Failed", +} + /** * The triggered analytics rule run provisioning state */ +@added(Versions.v2025_10_01_preview) union ProvisioningState { string, @@ -2235,6 +2361,7 @@ union AlertProperty { /** * SubTechniques alert property */ + @added(Versions.v2025_10_01_preview) SubTechniques: "SubTechniques", } @@ -2289,11 +2416,13 @@ union MicrosoftSecurityProductName { /** * Office 365 Advanced Threat Protection */ + @added(Versions.v2025_10_01_preview) `Office 365 Advanced Threat Protection`: "Office 365 Advanced Threat Protection", /** * Microsoft Defender Advanced Threat Protection */ + @added(Versions.v2025_10_01_preview) `Microsoft Defender Advanced Threat Protection`: "Microsoft Defender Advanced Threat Protection", } @@ -2403,6 +2532,7 @@ union AutomationRulePropertyArrayConditionSupportedArrayType { /** * Evaluate the condition on the incident labels */ + @added(Versions.v2025_10_01_preview) IncidentLabels: "IncidentLabels", } @@ -2565,11 +2695,13 @@ union AutomationRulePropertyConditionSupportedProperty { /** * The Custom-Detection rule ids associated with any of the incident alerts */ + @added(Versions.v2025_10_01_preview) IncidentCustomDetectionRuleIds: "IncidentCustomDetectionRuleIds", /** * The alert title associated with any of the incident alerts */ + @added(Versions.v2025_10_01_preview) IncidentAlertTitle: "IncidentAlertTitle", /** @@ -4048,16 +4180,19 @@ model BookmarkProperties { * Describes the entity mappings of the bookmark */ #suppress "@azure-tools/typespec-azure-resource-manager/missing-x-ms-identifiers" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" + @added(Versions.v2025_10_01_preview) entityMappings?: BookmarkEntityMappings[]; /** * A list of relevant mitre attacks */ + @added(Versions.v2025_10_01_preview) tactics?: AttackTactic[]; /** * A list of relevant mitre techniques */ + @added(Versions.v2025_10_01_preview) techniques?: string[]; } @@ -4512,7 +4647,7 @@ model MetadataDependencies { /** * Operator used for list of dependencies in criteria array. */ - operator?: Operator; + operator?: MetadataDependencyOperator; /** * This is the list of dependencies we must fulfill, according to the AND/OR operator @@ -6003,6 +6138,7 @@ model IncidentProperties { /** * Describes a team for the incident */ + @added(Versions.v2025_10_01_preview) teamInformation?: TeamInformation; } @@ -6089,6 +6225,7 @@ model IncidentAdditionalData { /** * The techniques associated with incident's tactics */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) techniques?: string[]; @@ -6101,12 +6238,14 @@ model IncidentAdditionalData { /** * The incident number of the incident that the current incident was merged into */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) mergedIncidentNumber?: string; /** * The URL to the incident that the current incident was merged into */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) mergedIncidentUrl?: string; } @@ -7443,7 +7582,7 @@ model PullRequest { * State of the pull request */ @visibility(Lifecycle.Read) - state?: State; + state?: PullRequestState; } /** @@ -8341,7 +8480,7 @@ model WatchlistProperties { * Describes provisioning state */ @visibility(Lifecycle.Read) - provisioningState?: ProvisioningState; + provisioningState?: WatchlistProvisioningState; } /** @@ -8438,7 +8577,7 @@ model WorkspaceManagerAssignmentProperties { * State of the last job associated to this assignment */ @visibility(Lifecycle.Read) - lastJobProvisioningState?: ProvisioningState; + lastJobProvisioningState?: JobProvisioningState; /** * List of resources included in this workspace manager assignment @@ -8486,7 +8625,7 @@ model JobProperties { * State of the job */ @visibility(Lifecycle.Read) - provisioningState?: ProvisioningState; + provisioningState?: JobProvisioningState; /** * The time the job started @@ -9000,12 +9139,14 @@ model FusionAlertRuleProperties { /** * Configuration for all supported source signals in fusion detection. */ + @added(Versions.v2025_10_01_preview) @identifiers(#[]) sourceSettings?: FusionSourceSettings[]; /** * Configuration to exclude scenarios in fusion detection. */ + @added(Versions.v2025_10_01_preview) @identifiers(#[]) scenarioExclusionPatterns?: FusionScenarioExclusionPattern[]; @@ -9037,6 +9178,7 @@ model FusionAlertRuleProperties { /** * The sub-techniques of the alert rule */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) subTechniques?: string[]; } @@ -9220,11 +9362,13 @@ model FusionAlertRuleTemplateProperties { /** * The sub-techniques of the alert rule */ + @added(Versions.v2025_10_01_preview) subTechniques?: string[]; /** * All supported source signal configurations consumed in fusion detection. */ + @added(Versions.v2025_10_01_preview) @identifiers(#[]) sourceSettings?: FusionTemplateSourceSetting[]; } @@ -9565,6 +9709,7 @@ model ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties { /** * The sub-techniques of the alert rule */ + @added(Versions.v2025_10_01_preview) subTechniques?: string[]; /** @@ -9688,6 +9833,7 @@ model ScheduledAlertRuleCommonProperties { * Array of the sentinel entity mappings of the alert rule */ #suppress "@azure-tools/typespec-azure-resource-manager/missing-x-ms-identifiers" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" + @added(Versions.v2025_10_01_preview) sentinelEntitiesMappings?: SentinelEntityMapping[]; } @@ -9886,6 +10032,7 @@ model ScheduledAlertRuleTemplateProperties { /** * The sub-techniques of the alert rule */ + @added(Versions.v2025_10_01_preview) subTechniques?: string[]; /** @@ -9919,6 +10066,7 @@ model ScheduledAlertRuleTemplateProperties { * Array of the sentinel entity mappings of the alert rule */ #suppress "@azure-tools/typespec-azure-resource-manager/missing-x-ms-identifiers" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" + @added(Versions.v2025_10_01_preview) sentinelEntitiesMappings?: SentinelEntityMapping[]; } @@ -10614,11 +10762,11 @@ model DataConnectorTenantId { * Represents AATP (Azure Advanced Threat Protection) requirements check request. */ @added(Versions.v2025_10_01_preview) -model AatpCheckRequirements extends DataConnectorsCheckRequirements { +model AATPCheckRequirements extends DataConnectorsCheckRequirements { /** * AATP (Azure Advanced Threat Protection) requirements check properties. */ - properties?: AatpCheckRequirementsProperties; + properties?: AATPCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10632,7 +10780,7 @@ model AatpCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model AatpCheckRequirementsProperties extends DataConnectorTenantId {} +model AATPCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents ASC (Azure Security Center) requirements check request. @@ -10713,11 +10861,11 @@ model Dynamics365CheckRequirementsProperties extends DataConnectorTenantId {} * Represents MCAS (Microsoft Cloud App Security) requirements check request. */ @added(Versions.v2025_10_01_preview) -model McasCheckRequirements extends DataConnectorsCheckRequirements { +model MCASCheckRequirements extends DataConnectorsCheckRequirements { /** * MCAS (Microsoft Cloud App Security) requirements check properties. */ - properties?: McasCheckRequirementsProperties; + properties?: MCASCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10731,17 +10879,17 @@ model McasCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model McasCheckRequirementsProperties extends DataConnectorTenantId {} +model MCASCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ @added(Versions.v2025_10_01_preview) -model MdatpCheckRequirements extends DataConnectorsCheckRequirements { +model MDATPCheckRequirements extends DataConnectorsCheckRequirements { /** * MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */ - properties?: MdatpCheckRequirementsProperties; + properties?: MDATPCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10755,17 +10903,17 @@ model MdatpCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model MdatpCheckRequirementsProperties extends DataConnectorTenantId {} +model MDATPCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents Microsoft Threat Intelligence requirements check request. */ @added(Versions.v2025_10_01_preview) -model MstiCheckRequirements extends DataConnectorsCheckRequirements { +model MSTICheckRequirements extends DataConnectorsCheckRequirements { /** * Microsoft Threat Intelligence requirements check properties. */ - properties?: MstiCheckRequirementsProperties; + properties?: MSTICheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10779,7 +10927,7 @@ model MstiCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model MstiCheckRequirementsProperties extends DataConnectorTenantId {} +model MSTICheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MTP (Microsoft Threat Protection) requirements check request. @@ -11097,11 +11245,11 @@ model DataConnectorDataTypeCommon { /** * Represents Microsoft Threat Intelligence data connector. */ -model MstiDataConnector extends DataConnector { +model MSTIDataConnector extends DataConnector { /** * Microsoft Threat Intelligence data connector properties. */ - properties?: MstiDataConnectorProperties; + properties?: MSTIDataConnectorProperties; /** * The data connector kind @@ -11113,17 +11261,17 @@ model MstiDataConnector extends DataConnector { * Microsoft Threat Intelligence data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -model MstiDataConnectorProperties extends DataConnectorTenantId { +model MSTIDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. */ - dataTypes: MstiDataConnectorDataTypes; + dataTypes: MSTIDataConnectorDataTypes; } /** * The available data types for Microsoft Threat Intelligence Platforms data connector. */ -model MstiDataConnectorDataTypes { +model MSTIDataConnectorDataTypes { /** * Data type for Microsoft Threat Intelligence Platforms data connector. */ @@ -15136,65 +15284,76 @@ model IoTDeviceEntityProperties extends EntityCommonProperties { /** * A list of owners of the IoTDevice entity. */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) owners?: string[]; /** * A list of Nic entity ids of the IoTDevice entity. */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) nicEntityIds?: string[]; /** * The site of the device */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) site?: string; /** * The zone location of the device within a site */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) zone?: string; /** * The sensor the device is monitored by */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) sensor?: string; /** * The subType of the device ('PLC', 'HMI', 'EWS', etc.) */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) deviceSubType?: string; /** * Device importance, determines if the device classified as 'crown jewel' */ + @added(Versions.v2025_10_01_preview) importance?: DeviceImportance; /** * The Purdue Layer of the device */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) purdueLayer?: string; /** * Determines whether the device classified as authorized device */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) isAuthorized?: boolean; /** * Determines whether the device classified as programming device */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) isProgramming?: boolean; /** * Is the device classified as a scanner device */ + @added(Versions.v2025_10_01_preview) @visibility(Lifecycle.Read) isScanner?: boolean; } From 2807478d1ab752244b0c169d084605feaf7b2f35 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Tue, 2 Jun 2026 16:41:19 +0300 Subject: [PATCH 05/38] Versioning AlertRule, Bookmark, DataConnector, routes, Relation --- .../Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp | 1 + .../SecurityInsights/DataConnector.tsp | 2 ++ .../Microsoft.SecurityInsights/SecurityInsights/Relation.tsp | 4 ++++ .../Microsoft.SecurityInsights/SecurityInsights/routes.tsp | 4 ++++ 5 files changed, 12 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp index 532bd7b17881..2119d0db3760 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp @@ -78,6 +78,7 @@ interface AlertRules { #suppress "@azure-tools/typespec-azure-core/no-openapi" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @operationId("alertRule_TriggerRuleRun") @tag("trigger analytics rule run") + @added(Versions.v2025_10_01_preview) triggerRuleRun is Extension.ActionAsyncBase< OperationalInsights, AlertRule, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp index bf478485f42f..c90ac7afe148 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp @@ -72,6 +72,7 @@ interface Bookmarks { * Expand an bookmark */ @tag("Bookmark") + @added(Versions.v2025_10_01_preview) expand is Extension.ActionSync< OperationalInsights, Bookmark, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp index e8e4b0f64f90..b1ae69ae6f2e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp @@ -74,6 +74,7 @@ interface DataConnectors { * Connects a data connector. */ @tag("Data Connectors Connect") + @added(Versions.v2025_10_01_preview) connect is Extension.ActionSync< OperationalInsights, DataConnector, @@ -86,6 +87,7 @@ interface DataConnectors { * Disconnect a data connector. */ @tag("Data Connectors Disconnect") + @added(Versions.v2025_10_01_preview) disconnect is Extension.ActionSync< OperationalInsights, DataConnector, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp index 062bdcdf527b..dca83525729e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp @@ -96,6 +96,7 @@ interface Relations { } @armResourceOperations +@added(Versions.v2025_10_01_preview) interface BookmarkRelationsOps extends Azure.ResourceManager.Legacy.ExtensionOperations< { @@ -148,6 +149,7 @@ interface BookmarkRelationsOps > {} @armResourceOperations +@added(Versions.v2025_10_01_preview) interface BookmarkRelations { /** * Gets a bookmark relation. @@ -204,6 +206,7 @@ interface BookmarkRelations { } @armResourceOperations +@added(Versions.v2025_10_01_preview) interface EntityRelationOps extends Azure.ResourceManager.Legacy.ExtensionOperations< { @@ -254,6 +257,7 @@ interface EntityRelationOps > {} @armResourceOperations +@added(Versions.v2025_10_01_preview) interface EntityRelations { /** * Gets an entity relation. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp index b6a3f4bd666c..f8998f5c5673 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp @@ -26,6 +26,7 @@ model EntityResource { } #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) interface DataConnectorsCheckRequirementsOperationGroup { /** * Get requirements state for a data connector type. @@ -64,6 +65,7 @@ interface DataConnectorsCheckRequirementsOperationGroup { @route("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listGeodataByIp") @post @tag("Enrichment") +@added(Versions.v2025_10_01_preview) op listGeodataByIp( ...ApiVersionParameter, ...SubscriptionIdParameter, @@ -98,6 +100,7 @@ op listGeodataByIp( @route("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listWhoisByDomain") @post @tag("Enrichment") +@added(Versions.v2025_10_01_preview) op listWhoisByDomain( ...ApiVersionParameter, ...SubscriptionIdParameter, @@ -233,6 +236,7 @@ interface ThreatIntelligenceIndicatorMetricsOperationGroup { } #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" +@added(Versions.v2025_10_01_preview) interface ThreatIntelligenceOperationGroup { /** * Gets the count of all TI objects for the workspace. From 75d3f7ce9c5b26dc623be2f5a6840400efbf3a32 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 11:12:13 +0300 Subject: [PATCH 06/38] Add 'using TypeSpec.Versioning;' to files using @added --- .../Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp | 1 + .../SecurityInsights/BillingStatistic.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp | 1 + .../SecurityInsights/DataConnector.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Entity.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp | 1 + .../SecurityInsights/EntityQueryTemplate.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Job.tsp | 1 + .../SecurityInsights/OfficeConsent.tsp | 1 + .../SecurityInsights/Recommendation.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Relation.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/Settings.tsp | 1 + .../SecurityInsights/TriggeredAnalyticsRuleRun.tsp | 1 + .../SecurityInsights/WorkspaceManagerAssignment.tsp | 1 + .../SecurityInsights/WorkspaceManagerConfiguration.tsp | 1 + .../SecurityInsights/WorkspaceManagerGroup.tsp | 1 + .../SecurityInsights/WorkspaceManagerMember.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/models.tsp | 1 + .../Microsoft.SecurityInsights/SecurityInsights/routes.tsp | 1 + 23 files changed, 23 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp index 2119d0db3760..59274d39d313 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/AlertRule.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp index 7f0c46858291..539130c3f199 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/BillingStatistic.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; // FIXME: BillingStatistic has no properties property diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp index c90ac7afe148..306925a380ec 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Bookmark.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp index b1ae69ae6f2e..06abb515ef62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/DataConnector.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp index c5ca64492683..3d498298d037 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; // FIXME: Entity has no properties property diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp index d9543c367d77..cf67a436e25d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQuery.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; // FIXME: EntityQuery has no properties property diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp index 90ec0d0deb5b..c10d3dd896e9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/EntityQueryTemplate.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; // FIXME: EntityQueryTemplate has no properties property diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp index 3302e531438e..fca6dc339e8b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/FileImport.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp index 8627a5d1d175..2f9ac794ef7c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Hunt.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp index 2cb2df20211f..ecae6ef79fae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntComment.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp index 55453cfce967..d1cfe1860ecc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/HuntRelation.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp index 24fcc85d3cc2..e4813cc251f6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Job.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp index 34ca3ec3d5a3..231cb82c1d76 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/OfficeConsent.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp index b413e6b53086..64e3563fae34 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Recommendation.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp index dca83525729e..b92d77da0553 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Relation.tsp @@ -9,6 +9,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp index 1a086a4b9918..d854c76ac794 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Settings.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; // FIXME: Settings has no properties property diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp index 109f0e0ecd98..90f34da05848 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/TriggeredAnalyticsRuleRun.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp index c00f8204f177..ab14e9cec12c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerAssignment.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp index 0e0dfb44883a..042a831490ba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerConfiguration.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp index 1f2d6aa1753a..e8f6e856e8fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerGroup.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp index 32cc8d263c31..d39aa7b0ed3d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/WorkspaceManagerMember.tsp @@ -8,6 +8,7 @@ using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 66190f73af3b..239905dfbaf4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -7,6 +7,7 @@ using TypeSpec.Rest; using TypeSpec.Http; using Azure.ResourceManager; using Azure.ResourceManager.Foundations; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp index f8998f5c5673..50082c748270 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/routes.tsp @@ -11,6 +11,7 @@ using TypeSpec.Rest; using TypeSpec.Http; using Azure.ResourceManager; using TypeSpec.OpenAPI; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; From 7c5dba9d77d66497e673b2ef6e20d3fcf8b29ca9 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 13:00:33 +0300 Subject: [PATCH 07/38] Add openapi.json + examples for 2025-09-01 and 2025-10-01-preview --- .../actions/CreateActionOfAlertRule.json | 46 + .../actions/DeleteActionOfAlertRule.json | 17 + .../actions/GetActionOfAlertRuleById.json | 27 + .../actions/GetAllActionsByAlertRule.json | 30 + .../GetAlertRuleTemplateById.json | 82 + .../GetAlertRuleTemplates.json | 88 + .../alertRules/CreateFusionAlertRule.json | 68 + ...softSecurityIncidentCreationAlertRule.json | 61 + .../alertRules/CreateScheduledAlertRule.json | 283 + .../alertRules/DeleteAlertRule.json | 16 + .../alertRules/GetAllAlertRules.json | 135 + .../alertRules/GetFusionAlertRule.json | 37 + ...softSecurityIncidentCreationAlertRule.json | 33 + .../alertRules/GetScheduledAlertRule.json | 94 + .../AutomationRules_CreateOrUpdate.json | 173 + .../AutomationRules_Delete.json | 19 + .../automationRules/AutomationRules_Get.json | 67 + .../automationRules/AutomationRules_List.json | 70 + .../2025-09-01/bookmarks/CreateBookmark.json | 95 + .../2025-09-01/bookmarks/DeleteBookmark.json | 16 + .../2025-09-01/bookmarks/GetBookmarkById.json | 50 + .../2025-09-01/bookmarks/GetBookmarks.json | 53 + .../contentPackages/GetPackageById.json | 36 + .../contentPackages/GetPackages.json | 41 + .../GetProductPackageById.json | 78 + .../contentPackages/GetProductPackages.json | 81 + .../contentPackages/InstallPackage.json | 153 + .../contentPackages/UninstallPackage.json | 15 + .../contentTemplates/DeleteTemplate.json | 15 + .../GetProductTemplateById.json | 45 + .../contentTemplates/GetProductTemplates.json | 47 + .../contentTemplates/GetTemplateById.json | 43 + .../contentTemplates/GetTemplates.json | 45 + .../contentTemplates/InstallTemplate.json | 230 + ...teCustomizableDataConnectorDefinition.json | 260 + .../DeleteDataConnectorDefinitionById.json | 15 + ...stomizableDataConnectorDefinitionById.json | 97 + .../GetDataConnectorDefinitions.json | 96 + ...rosoftThreatIntelligenceDataConnector.json | 61 + .../CreateOfficeDataConnetor.json | 78 + ...derForThreatIntelligenceDataConnector.json | 63 + ...CreateThreatIntelligenceDataConnector.json | 62 + ...rosoftThreatIntelligenceDataConnector.json | 15 + .../DeleteOfficeDataConnetor.json | 16 + ...derForThreatIntelligenceDataConnector.json | 15 + .../GetAmazonWebServicesCloudTrailById.json | 31 + .../GetAzureActiveDirectoryById.json | 31 + .../GetAzureAdvancedThreatProtectionById.json | 31 + .../GetAzureSecurityCenterById.json | 31 + .../dataConnectors/GetDataConnectors.json | 148 + .../GetMicrosoftCloudAppSecurityById.json | 34 + ...tDefenderAdvancedThreatProtectionById.json | 31 + .../GetMicrosoftThreatIntelligenceById.json | 31 + .../GetOfficeDataConnetorById.json | 37 + ...softDefenderForThreatIntelligenceById.json | 32 + .../dataConnectors/GetRestApiPollerById.json | 61 + .../GetThreatIntelligenceById.json | 32 + .../2025-09-01/incidents/CreateIncident.json | 110 + .../2025-09-01/incidents/DeleteIncident.json | 15 + .../incidents/GetAllIncidentAlerts.json | 52 + .../incidents/GetAllIncidentBookmarks.json | 79 + .../incidents/GetAllIncidentEntities.json | 36 + .../2025-09-01/incidents/GetIncidentById.json | 58 + .../2025-09-01/incidents/GetIncidents.json | 63 + .../comments/CreateIncidentComment.json | 57 + .../comments/DeleteIncidentComment.json | 16 + .../comments/GetAllIncidentComments.json | 36 + .../comments/GetIncidentCommentById.json | 33 + .../relations/CreateIncidentRelation.json | 45 + .../relations/DeleteIncidentRelation.json | 16 + .../relations/GetAllIncidentRelations.json | 42 + .../relations/GetIncidentRelationByName.json | 27 + .../tasks/IncidentTasks_CreateOrUpdate.json | 75 + .../incidents/tasks/IncidentTasks_Delete.json | 16 + .../incidents/tasks/IncidentTasks_Get.json | 41 + .../incidents/tasks/IncidentTasks_List.json | 44 + .../manualTrigger/Entities_RunPlaybook.json | 19 + .../manualTrigger/Incidents_RunPlaybook.json | 18 + .../2025-09-01/metadata/DeleteMetadata.json | 15 + .../2025-09-01/metadata/GetAllMetadata.json | 66 + .../metadata/GetAllMetadataOData.json | 54 + .../2025-09-01/metadata/GetMetadata.json | 106 + .../2025-09-01/metadata/PatchMetadata.json | 37 + .../2025-09-01/metadata/PutMetadata.json | 288 + .../metadata/PutMetadataMinimal.json | 42 + .../CreateSentinelOnboardingState.json | 39 + .../DeleteSentinelOnboardingState.json | 16 + .../GetAllSentinelOnboardingStates.json | 27 + .../GetSentinelOnboardingState.json | 24 + .../2025-09-01/operations/ListOperations.json | 565 + .../repositories/GetRepositories.json | 39 + ...eateAnomalySecurityMLAnalyticsSetting.json | 247 + .../DeleteSecurityMLAnalyticsSetting.json | 15 + .../GetAllSecurityMLAnalyticsSettings.json | 96 + .../GetAnomalySecurityMLAnalyticsSetting.json | 93 + .../sourcecontrols/CreateSourceControl.json | 178 + .../sourcecontrols/DeleteSourceControl.json | 31 + .../sourcecontrols/GetSourceControlById.json | 84 + .../sourcecontrols/GetSourceControls.json | 87 + .../AppendTagsThreatIntelligence.json | 21 + .../CollectThreatIntelligenceMetrics.json | 46 + .../CreateThreatIntelligence.json | 103 + .../DeleteThreatIntelligence.json | 16 + .../GetThreatIntelligence.json | 79 + .../GetThreatIntelligenceById.json | 46 + .../QueryThreatIntelligence.json | 110 + .../ReplaceTagsThreatIntelligence.json | 55 + .../UpdateThreatIntelligence.json | 104 + .../watchlists/CreateWatchlist.json | 91 + .../CreateWatchlistAndWatchlistItems.json | 94 + .../watchlists/CreateWatchlistItem.json | 94 + .../watchlists/DeleteWatchlist.json | 20 + .../watchlists/DeleteWatchlistItem.json | 17 + .../watchlists/GetWatchlistByAlias.json | 52 + .../watchlists/GetWatchlistItemById.json | 49 + .../watchlists/GetWatchlistItems.json | 52 + .../2025-09-01/watchlists/GetWatchlists.json | 55 + .../actions/CreateActionOfAlertRule.json | 45 + .../actions/DeleteActionOfAlertRule.json | 16 + .../actions/GetActionOfAlertRuleById.json | 26 + .../actions/GetAllActionsByAlertRule.json | 29 + .../GetAlertRuleTemplateById.json | 55 + .../GetAlertRuleTemplates.json | 240 + .../alertRules/CreateFusionAlertRule.json | 847 + ...nAlertRuleWithFusionScenarioExclusion.json | 853 + ...softSecurityIncidentCreationAlertRule.json | 60 + .../alertRules/CreateNrtAlertRule.json | 138 + .../alertRules/CreateScheduledAlertRule.json | 272 + .../alertRules/DeleteAlertRule.json | 15 + .../alertRules/GetAllAlertRules.json | 414 + .../alertRules/GetFusionAlertRule.json | 312 + ...softSecurityIncidentCreationAlertRule.json | 32 + .../alertRules/GetNrtAlertRule.json | 57 + .../alertRules/GetScheduledAlertRule.json | 97 + .../AutomationRules_CreateOrUpdate.json | 197 + .../AutomationRules_Delete.json | 19 + .../automationRules/AutomationRules_Get.json | 75 + .../automationRules/AutomationRules_List.json | 78 + .../GetAllBillingStatistics.json | 28 + .../GetBillingStatistic.json | 25 + .../bookmarks/CreateBookmark.json | 145 + .../bookmarks/DeleteBookmark.json | 15 + .../bookmarks/GetBookmarkById.json | 66 + .../bookmarks/GetBookmarks.json | 69 + .../bookmarks/expand/PostExpandBookmark.json | 45 + .../relations/CreateBookmarkRelation.json | 45 + .../relations/DeleteBookmarkRelation.json | 16 + .../relations/GetAllBookmarkRelations.json | 30 + .../relations/GetBookmarkRelationByName.json | 27 + .../contentPackages/GetPackageById.json | 36 + .../contentPackages/GetPackages.json | 41 + .../GetProductPackageById.json | 78 + .../contentPackages/GetProductPackages.json | 80 + .../contentPackages/InstallPackage.json | 153 + .../contentPackages/UninstallPackage.json | 15 + .../contentTemplates/DeleteTemplate.json | 15 + .../GetProductTemplateById.json | 45 + .../contentTemplates/GetProductTemplates.json | 47 + .../contentTemplates/GetTemplateById.json | 43 + .../contentTemplates/GetTemplates.json | 45 + .../contentTemplates/InstallTemplate.json | 230 + ...teCustomizableDataConnectorDefinition.json | 260 + .../DeleteDataConnectorDefinitionById.json | 15 + ...stomizableDataConnectorDefinitionById.json | 97 + .../GetDataConnectorDefinitions.json | 96 + ...CheckRequirementsAzureActiveDirectory.json | 24 + ...tsAzureActiveDirectoryNoAuthorization.json | 24 + ...irementsAzureActiveDirectoryNoLicense.json | 24 + .../CheckRequirementsAzureSecurityCenter.json | 24 + .../CheckRequirementsDynamics365.json | 24 + .../dataConnectors/CheckRequirementsIoT.json | 24 + .../CheckRequirementsMdatp.json | 24 + ...RequirementsMicrosoftCloudAppSecurity.json | 24 + ...MicrosoftPurviewInformationProtection.json | 24 + ...quirementsMicrosoftThreatIntelligence.json | 24 + ...RequirementsMicrosoftThreatProtection.json | 24 + .../CheckRequirementsOffice365Project.json | 24 + .../CheckRequirementsOfficeATP.json | 24 + .../CheckRequirementsOfficeIRM.json | 24 + .../CheckRequirementsOfficePowerBI.json | 24 + .../CheckRequirementsPurviewAudit.json | 24 + .../CheckRequirementsThreatIntelligence.json | 24 + ...ckRequirementsThreatIntelligenceTaxii.json | 24 + .../dataConnectors/ConnectAPIPolling.json | 26 + .../ConnectAPIPollingV2Logs.json | 29 + .../dataConnectors/CreateAPIPolling.json | 370 + .../CreateDynamics365DataConnetor.json | 59 + .../dataConnectors/CreateGenericUI.json | 439 + .../CreateGoogleCloudPlatform.json | 94 + ...viewInformationProtectionDataConnetor.json | 59 + ...rosoftThreatIntelligenceDataConnector.json | 61 + ...MicrosoftThreatProtectionDataConnetor.json | 83 + .../CreateOffice365ProjectDataConnetor.json | 59 + .../CreateOfficeDataConnetor.json | 77 + .../CreateOfficePowerBIDataConnector.json | 59 + ...derForThreatIntelligenceDataConnector.json | 63 + .../CreatePurviewAuditDataConnector.json | 72 + ...CreateThreatIntelligenceDataConnector.json | 61 + ...eThreatIntelligenceTaxiiDataConnector.json | 83 + .../dataConnectors/DeleteAPIPolling.json | 15 + .../dataConnectors/DeleteGenericUI.json | 15 + .../DeleteGoogleCloudPlatform.json | 15 + ...viewInformationProtectionDataConnetor.json | 15 + ...rosoftThreatIntelligenceDataConnector.json | 15 + .../DeleteOffice365ProjectDataConnetor.json | 15 + .../DeleteOfficeDataConnetor.json | 15 + .../DeleteOfficePowerBIDataConnetor.json | 15 + ...derForThreatIntelligenceDataConnector.json | 15 + .../DeletePurviewAuditDataConnector.json | 15 + .../dataConnectors/DisconnectAPIPolling.json | 15 + .../dataConnectors/GetAPIPolling.json | 135 + .../GetAmazonWebServicesCloudTrailById.json | 30 + .../GetAmazonWebServicesS3ById.json | 34 + .../GetAzureActiveDirectoryById.json | 30 + .../GetAzureAdvancedThreatProtectionById.json | 30 + .../GetAzureSecurityCenterById.json | 30 + .../dataConnectors/GetDataConnectors.json | 528 + .../GetDynamics365DataConnectorById.json | 30 + .../dataConnectors/GetGenericUI.json | 158 + .../GetGoogleCloudPlatformById.json | 37 + .../dataConnectors/GetIoTById.json | 30 + .../GetMicrosoftCloudAppSecurityById.json | 33 + ...tDefenderAdvancedThreatProtectionById.json | 30 + ...GetMicrosoftInsiderRiskManagementById.json | 30 + ...InformationProtectionDataConnetorById.json | 30 + .../GetMicrosoftThreatIntelligenceById.json | 31 + .../GetMicrosoftThreatProtectionById.json | 38 + ...Office365AdvancedThreatProtectionById.json | 30 + .../GetOffice365ProjectDataConnetorById.json | 30 + .../GetOfficeDataConnetorById.json | 36 + .../GetOfficePowerBIDataConnetorById.json | 30 + ...softDefenderForThreatIntelligenceById.json | 32 + .../GetPurviewAuditDataConnectorById.json | 33 + .../dataConnectors/GetRestApiPollerById.json | 61 + .../GetThreatIntelligenceById.json | 31 + .../GetThreatIntelligenceTaxiiById.json | 38 + .../GetGeodataWithWorkspaceByIp.json | 37 + .../GetWhoisWithWorkspaceByDomainName.json | 93 + .../entities/GetAccountEntityById.json | 34 + .../entities/GetAzureResourceEntityById.json | 26 + .../GetCloudApplicationEntityById.json | 27 + .../entities/GetDnsEntityById.json | 28 + .../entities/GetEntities.json | 65 + .../entities/GetFileEntityById.json | 26 + .../entities/GetFileHashEntityById.json | 26 + .../entities/GetHostEntityById.json | 33 + .../entities/GetIoTDeviceEntityById.json | 47 + .../entities/GetIpEntityById.json | 25 + .../entities/GetMailClusterEntityById.json | 46 + .../entities/GetMailMessageEntityById.json | 50 + .../entities/GetMailboxEntityById.json | 28 + .../entities/GetMalwareEntityById.json | 26 + .../entities/GetProcessEntityById.json | 27 + .../entities/GetQueries.json | 458 + .../entities/GetRegistryKeyEntityById.json | 26 + .../entities/GetRegistryValueEntityById.json | 28 + .../entities/GetSecurityAlertEntityById.json | 53 + .../entities/GetSecurityGroupEntityById.json | 27 + .../entities/GetSubmissionMailEntityById.json | 31 + .../entities/GetUrlEntityById.json | 25 + .../entities/expand/PostExpandEntity.json | 54 + .../entities/insights/PostGetInsights.json | 102 + .../relations/GetAllEntityRelations.json | 30 + .../relations/GetEntityRelationByName.json | 27 + .../entities/timeline/PostTimelineEntity.json | 94 + .../CreateEntityQueryActivity.json | 135 + .../entityQueries/DeleteEntityQuery.json | 15 + .../GetActivityEntityQueryById.json | 56 + .../entityQueries/GetEntityQueries.json | 61 + .../GetExpansionEntityQueryById.json | 36 + .../GetActivityEntityQueryTemplateById.json | 59 + .../GetEntityQueryTemplates.json | 107 + .../fileImports/CreateFileImport.json | 77 + .../fileImports/DeleteFileImport.json | 43 + .../fileImports/GetFileImportById.json | 39 + .../fileImports/GetFileImports.json | 44 + .../2025-10-01-preview/hunts/CreateHunt.json | 102 + .../hunts/CreateHuntComment.json | 58 + .../hunts/CreateHuntRelation.json | 55 + .../2025-10-01-preview/hunts/DeleteHunt.json | 16 + .../hunts/DeleteHuntComment.json | 17 + .../hunts/DeleteHuntRelation.json | 17 + .../2025-10-01-preview/hunts/GetHuntById.json | 45 + .../hunts/GetHuntCommentById.json | 34 + .../hunts/GetHuntComments.json | 29 + .../hunts/GetHuntRelationById.json | 31 + .../hunts/GetHuntRelations.json | 34 + .../2025-10-01-preview/hunts/GetHunts.json | 48 + .../IncidentAlerts/Incidents_ListAlerts.json | 52 + .../Incidents_ListBookmarks.json | 49 + .../IncidentComments_CreateOrUpdate.json | 57 + .../IncidentComments_Delete.json | 16 + .../IncidentComments_Get.json | 33 + .../IncidentComments_List.json | 36 + .../Incidents_ListEntities.json | 36 + .../IncidentTasks_CreateOrUpdate.json | 75 + .../IncidentTasks/IncidentTasks_Delete.json | 16 + .../IncidentTasks/IncidentTasks_Get.json | 41 + .../IncidentTasks/IncidentTasks_List.json | 44 + .../incidents/Incidents_CreateOrUpdate.json | 138 + .../incidents/Incidents_Delete.json | 15 + .../incidents/Incidents_Get.json | 65 + .../incidents/Incidents_List.json | 70 + .../relations/CreateIncidentRelation.json | 45 + .../relations/DeleteIncidentRelation.json | 16 + .../relations/GetAllIncidentRelations.json | 42 + .../relations/GetIncidentRelationByName.json | 27 + .../manualTrigger/Entities_RunPlaybook.json | 19 + .../manualTrigger/Incidents_RunPlaybook.json | 20 + .../metadata/DeleteMetadata.json | 15 + .../metadata/GetAllMetadata.json | 66 + .../metadata/GetAllMetadataOData.json | 54 + .../metadata/GetMetadata.json | 106 + .../metadata/PatchMetadata.json | 37 + .../metadata/PutMetadata.json | 288 + .../metadata/PutMetadataMinimal.json | 42 + .../officeConsents/DeleteOfficeConsents.json | 15 + .../officeConsents/GetOfficeConsents.json | 27 + .../officeConsents/GetOfficeConsentsById.json | 24 + .../CreateSentinelOnboardingState.json | 38 + .../DeleteSentinelOnboardingState.json | 15 + .../GetAllSentinelOnboardingStates.json | 26 + .../GetSentinelOnboardingState.json | 23 + .../operations/ListOperations.json | 565 + .../recommendations/GetRecommendation.json | 44 + .../recommendations/GetRecommendations.json | 47 + .../recommendations/PatchRecommendation.json | 49 + .../ReevaluateRecommendation.json | 23 + .../repositories/GetRepositories.json | 39 + ...eateAnomalySecurityMLAnalyticsSetting.json | 247 + .../DeleteSecurityMLAnalyticsSetting.json | 15 + .../GetAllSecurityMLAnalyticsSettings.json | 96 + .../GetAnomalySecurityMLAnalyticsSetting.json | 93 + .../settings/DeleteEyesOnSetting.json | 15 + .../settings/GetAllSettings.json | 27 + .../settings/GetEyesOnSetting.json | 24 + .../settings/UpdateEyesOnSetting.json | 42 + .../sourcecontrols/CreateSourceControl.json | 178 + .../sourcecontrols/DeleteSourceControl.json | 31 + .../sourcecontrols/GetSourceControlById.json | 84 + .../sourcecontrols/GetSourceControls.json | 87 + .../AppendTagsThreatIntelligence.json | 20 + .../CollectThreatIntelligenceMetrics.json | 45 + .../CreateThreatIntelligence.json | 102 + .../DeleteThreatIntelligence.json | 15 + .../GetThreatIntelligence.json | 78 + .../GetThreatIntelligenceById.json | 45 + .../PostThreatIntelligenceCount.json | 32 + .../PostThreatIntelligenceQuery.json | 124 + .../QueryThreatIntelligence.json | 109 + .../ReplaceTagsThreatIntelligence.json | 54 + .../UpdateThreatIntelligence.json | 103 + .../triggerRuleRun_Post.json | 25 + .../triggeredAnalyticsRuleRun_Get.json | 31 + .../triggeredAnalyticsRuleRuns_Get.json | 50 + .../watchlists/CreateWatchlist.json | 90 + .../CreateWatchlistAndWatchlistItems.json | 94 + .../watchlists/CreateWatchlistItem.json | 94 + .../watchlists/DeleteWatchlist.json | 20 + .../watchlists/DeleteWatchlistItem.json | 17 + .../watchlists/GetWatchlistByAlias.json | 52 + .../watchlists/GetWatchlistItemById.json | 49 + .../watchlists/GetWatchlistItems.json | 52 + .../watchlists/GetWatchlists.json | 55 + .../CreateJob.json | 26 + ...ateOrUpdateWorkspaceManagerAssignment.json | 64 + .../DeleteJob.json | 16 + .../DeleteWorkspaceManagerAssignment.json | 15 + .../GetAllJobs.json | 48 + .../GetAllWorkspaceManagerAssignments.json | 37 + .../workspaceManagerAssignments/GetJob.json | 45 + .../GetWorkspaceManagerAssignment.json | 34 + ...OrUpdateWorkspaceManagerConfiguration.json | 40 + .../DeleteWorkspaceManagerConfiguration.json | 15 + .../GetAllWorkspaceManagerConfigurations.json | 27 + .../GetWorkspaceManagerConfiguration.json | 24 + .../CreateOrUpdateWorkspaceManagerGroup.json | 55 + .../DeleteWorkspaceManagerGroup.json | 15 + .../GetAllWorkspaceManagerGroups.json | 32 + .../GetWorkspaceManagerGroup.json | 29 + .../CreateOrUpdateWorkspaceManagerMember.json | 43 + .../DeleteWorkspaceManagerMember.json | 15 + .../GetAllWorkspaceManagerMembers.json | 28 + .../GetWorkspaceManagerMember.json | 25 + .../actions/CreateActionOfAlertRule.json | 45 + .../actions/DeleteActionOfAlertRule.json | 16 + .../actions/GetActionOfAlertRuleById.json | 26 + .../actions/GetAllActionsByAlertRule.json | 29 + .../GetAlertRuleTemplateById.json | 55 + .../GetAlertRuleTemplates.json | 240 + .../alertRules/CreateFusionAlertRule.json | 847 + ...nAlertRuleWithFusionScenarioExclusion.json | 853 + ...softSecurityIncidentCreationAlertRule.json | 60 + .../alertRules/CreateNrtAlertRule.json | 138 + .../alertRules/CreateScheduledAlertRule.json | 272 + .../examples/alertRules/DeleteAlertRule.json | 15 + .../examples/alertRules/GetAllAlertRules.json | 414 + .../alertRules/GetFusionAlertRule.json | 312 + ...softSecurityIncidentCreationAlertRule.json | 32 + .../examples/alertRules/GetNrtAlertRule.json | 57 + .../alertRules/GetScheduledAlertRule.json | 97 + .../AutomationRules_CreateOrUpdate.json | 197 + .../AutomationRules_Delete.json | 19 + .../automationRules/AutomationRules_Get.json | 75 + .../automationRules/AutomationRules_List.json | 78 + .../GetAllBillingStatistics.json | 28 + .../GetBillingStatistic.json | 25 + .../examples/bookmarks/CreateBookmark.json | 145 + .../examples/bookmarks/DeleteBookmark.json | 15 + .../examples/bookmarks/GetBookmarkById.json | 66 + .../examples/bookmarks/GetBookmarks.json | 69 + .../bookmarks/expand/PostExpandBookmark.json | 45 + .../relations/CreateBookmarkRelation.json | 45 + .../relations/DeleteBookmarkRelation.json | 16 + .../relations/GetAllBookmarkRelations.json | 30 + .../relations/GetBookmarkRelationByName.json | 27 + .../contentPackages/GetPackageById.json | 36 + .../examples/contentPackages/GetPackages.json | 41 + .../GetProductPackageById.json | 78 + .../contentPackages/GetProductPackages.json | 80 + .../contentPackages/InstallPackage.json | 153 + .../contentPackages/UninstallPackage.json | 15 + .../contentTemplates/DeleteTemplate.json | 15 + .../GetProductTemplateById.json | 45 + .../contentTemplates/GetProductTemplates.json | 47 + .../contentTemplates/GetTemplateById.json | 43 + .../contentTemplates/GetTemplates.json | 45 + .../contentTemplates/InstallTemplate.json | 230 + ...teCustomizableDataConnectorDefinition.json | 260 + .../DeleteDataConnectorDefinitionById.json | 15 + ...stomizableDataConnectorDefinitionById.json | 97 + .../GetDataConnectorDefinitions.json | 96 + ...CheckRequirementsAzureActiveDirectory.json | 24 + ...tsAzureActiveDirectoryNoAuthorization.json | 24 + ...irementsAzureActiveDirectoryNoLicense.json | 24 + .../CheckRequirementsAzureSecurityCenter.json | 24 + .../CheckRequirementsDynamics365.json | 24 + .../dataConnectors/CheckRequirementsIoT.json | 24 + .../CheckRequirementsMdatp.json | 24 + ...RequirementsMicrosoftCloudAppSecurity.json | 24 + ...MicrosoftPurviewInformationProtection.json | 24 + ...quirementsMicrosoftThreatIntelligence.json | 24 + ...RequirementsMicrosoftThreatProtection.json | 24 + .../CheckRequirementsOffice365Project.json | 24 + .../CheckRequirementsOfficeATP.json | 24 + .../CheckRequirementsOfficeIRM.json | 24 + .../CheckRequirementsOfficePowerBI.json | 24 + .../CheckRequirementsPurviewAudit.json | 24 + .../CheckRequirementsThreatIntelligence.json | 24 + ...ckRequirementsThreatIntelligenceTaxii.json | 24 + .../dataConnectors/ConnectAPIPolling.json | 26 + .../ConnectAPIPollingV2Logs.json | 29 + .../dataConnectors/CreateAPIPolling.json | 370 + .../CreateDynamics365DataConnetor.json | 59 + .../dataConnectors/CreateGenericUI.json | 439 + .../CreateGoogleCloudPlatform.json | 94 + ...viewInformationProtectionDataConnetor.json | 59 + ...rosoftThreatIntelligenceDataConnector.json | 61 + ...MicrosoftThreatProtectionDataConnetor.json | 83 + .../CreateOffice365ProjectDataConnetor.json | 59 + .../CreateOfficeDataConnetor.json | 77 + .../CreateOfficePowerBIDataConnector.json | 59 + ...derForThreatIntelligenceDataConnector.json | 63 + .../CreatePurviewAuditDataConnector.json | 72 + ...CreateThreatIntelligenceDataConnector.json | 61 + ...eThreatIntelligenceTaxiiDataConnector.json | 83 + .../dataConnectors/DeleteAPIPolling.json | 15 + .../dataConnectors/DeleteGenericUI.json | 15 + .../DeleteGoogleCloudPlatform.json | 15 + ...viewInformationProtectionDataConnetor.json | 15 + ...rosoftThreatIntelligenceDataConnector.json | 15 + .../DeleteOffice365ProjectDataConnetor.json | 15 + .../DeleteOfficeDataConnetor.json | 15 + .../DeleteOfficePowerBIDataConnetor.json | 15 + ...derForThreatIntelligenceDataConnector.json | 15 + .../DeletePurviewAuditDataConnector.json | 15 + .../dataConnectors/DisconnectAPIPolling.json | 15 + .../dataConnectors/GetAPIPolling.json | 135 + .../GetAmazonWebServicesCloudTrailById.json | 30 + .../GetAmazonWebServicesS3ById.json | 34 + .../GetAzureActiveDirectoryById.json | 30 + .../GetAzureAdvancedThreatProtectionById.json | 30 + .../GetAzureSecurityCenterById.json | 30 + .../dataConnectors/GetDataConnectors.json | 528 + .../GetDynamics365DataConnectorById.json | 30 + .../examples/dataConnectors/GetGenericUI.json | 158 + .../GetGoogleCloudPlatformById.json | 37 + .../examples/dataConnectors/GetIoTById.json | 30 + .../GetMicrosoftCloudAppSecurityById.json | 33 + ...tDefenderAdvancedThreatProtectionById.json | 30 + ...GetMicrosoftInsiderRiskManagementById.json | 30 + ...InformationProtectionDataConnetorById.json | 30 + .../GetMicrosoftThreatIntelligenceById.json | 31 + .../GetMicrosoftThreatProtectionById.json | 38 + ...Office365AdvancedThreatProtectionById.json | 30 + .../GetOffice365ProjectDataConnetorById.json | 30 + .../GetOfficeDataConnetorById.json | 36 + .../GetOfficePowerBIDataConnetorById.json | 30 + ...softDefenderForThreatIntelligenceById.json | 32 + .../GetPurviewAuditDataConnectorById.json | 33 + .../dataConnectors/GetRestApiPollerById.json | 61 + .../GetThreatIntelligenceById.json | 31 + .../GetThreatIntelligenceTaxiiById.json | 38 + .../GetGeodataWithWorkspaceByIp.json | 37 + .../GetWhoisWithWorkspaceByDomainName.json | 93 + .../entities/GetAccountEntityById.json | 34 + .../entities/GetAzureResourceEntityById.json | 26 + .../GetCloudApplicationEntityById.json | 27 + .../examples/entities/GetDnsEntityById.json | 28 + .../examples/entities/GetEntities.json | 65 + .../examples/entities/GetFileEntityById.json | 26 + .../entities/GetFileHashEntityById.json | 26 + .../examples/entities/GetHostEntityById.json | 33 + .../entities/GetIoTDeviceEntityById.json | 47 + .../examples/entities/GetIpEntityById.json | 25 + .../entities/GetMailClusterEntityById.json | 46 + .../entities/GetMailMessageEntityById.json | 50 + .../entities/GetMailboxEntityById.json | 28 + .../entities/GetMalwareEntityById.json | 26 + .../entities/GetProcessEntityById.json | 27 + .../examples/entities/GetQueries.json | 458 + .../entities/GetRegistryKeyEntityById.json | 26 + .../entities/GetRegistryValueEntityById.json | 28 + .../entities/GetSecurityAlertEntityById.json | 53 + .../entities/GetSecurityGroupEntityById.json | 27 + .../entities/GetSubmissionMailEntityById.json | 31 + .../examples/entities/GetUrlEntityById.json | 25 + .../entities/expand/PostExpandEntity.json | 54 + .../entities/insights/PostGetInsights.json | 102 + .../relations/GetAllEntityRelations.json | 30 + .../relations/GetEntityRelationByName.json | 27 + .../entities/timeline/PostTimelineEntity.json | 94 + .../CreateEntityQueryActivity.json | 135 + .../entityQueries/DeleteEntityQuery.json | 15 + .../GetActivityEntityQueryById.json | 56 + .../entityQueries/GetEntityQueries.json | 61 + .../GetExpansionEntityQueryById.json | 36 + .../GetActivityEntityQueryTemplateById.json | 59 + .../GetEntityQueryTemplates.json | 107 + .../fileImports/CreateFileImport.json | 77 + .../fileImports/DeleteFileImport.json | 43 + .../fileImports/GetFileImportById.json | 39 + .../examples/fileImports/GetFileImports.json | 44 + .../examples/hunts/CreateHunt.json | 102 + .../examples/hunts/CreateHuntComment.json | 58 + .../examples/hunts/CreateHuntRelation.json | 55 + .../examples/hunts/DeleteHunt.json | 16 + .../examples/hunts/DeleteHuntComment.json | 17 + .../examples/hunts/DeleteHuntRelation.json | 17 + .../examples/hunts/GetHuntById.json | 45 + .../examples/hunts/GetHuntCommentById.json | 34 + .../examples/hunts/GetHuntComments.json | 29 + .../examples/hunts/GetHuntRelationById.json | 31 + .../examples/hunts/GetHuntRelations.json | 34 + .../examples/hunts/GetHunts.json | 48 + .../IncidentAlerts/Incidents_ListAlerts.json | 52 + .../Incidents_ListBookmarks.json | 49 + .../IncidentComments_CreateOrUpdate.json | 57 + .../IncidentComments_Delete.json | 16 + .../IncidentComments_Get.json | 33 + .../IncidentComments_List.json | 36 + .../Incidents_ListEntities.json | 36 + .../IncidentTasks_CreateOrUpdate.json | 75 + .../IncidentTasks/IncidentTasks_Delete.json | 16 + .../IncidentTasks/IncidentTasks_Get.json | 41 + .../IncidentTasks/IncidentTasks_List.json | 44 + .../incidents/Incidents_CreateOrUpdate.json | 138 + .../examples/incidents/Incidents_Delete.json | 15 + .../examples/incidents/Incidents_Get.json | 65 + .../examples/incidents/Incidents_List.json | 70 + .../relations/CreateIncidentRelation.json | 45 + .../relations/DeleteIncidentRelation.json | 16 + .../relations/GetAllIncidentRelations.json | 42 + .../relations/GetIncidentRelationByName.json | 27 + .../manualTrigger/Entities_RunPlaybook.json | 19 + .../manualTrigger/Incidents_RunPlaybook.json | 20 + .../examples/metadata/DeleteMetadata.json | 15 + .../examples/metadata/GetAllMetadata.json | 66 + .../metadata/GetAllMetadataOData.json | 54 + .../examples/metadata/GetMetadata.json | 106 + .../examples/metadata/PatchMetadata.json | 37 + .../examples/metadata/PutMetadata.json | 288 + .../examples/metadata/PutMetadataMinimal.json | 42 + .../officeConsents/DeleteOfficeConsents.json | 15 + .../officeConsents/GetOfficeConsents.json | 27 + .../officeConsents/GetOfficeConsentsById.json | 24 + .../CreateSentinelOnboardingState.json | 38 + .../DeleteSentinelOnboardingState.json | 15 + .../GetAllSentinelOnboardingStates.json | 26 + .../GetSentinelOnboardingState.json | 23 + .../examples/operations/ListOperations.json | 565 + .../recommendations/GetRecommendation.json | 44 + .../recommendations/GetRecommendations.json | 47 + .../recommendations/PatchRecommendation.json | 49 + .../ReevaluateRecommendation.json | 23 + .../repositories/GetRepositories.json | 39 + ...eateAnomalySecurityMLAnalyticsSetting.json | 247 + .../DeleteSecurityMLAnalyticsSetting.json | 15 + .../GetAllSecurityMLAnalyticsSettings.json | 96 + .../GetAnomalySecurityMLAnalyticsSetting.json | 93 + .../settings/DeleteEyesOnSetting.json | 15 + .../examples/settings/GetAllSettings.json | 27 + .../examples/settings/GetEyesOnSetting.json | 24 + .../settings/UpdateEyesOnSetting.json | 42 + .../sourcecontrols/CreateSourceControl.json | 178 + .../sourcecontrols/DeleteSourceControl.json | 31 + .../sourcecontrols/GetSourceControlById.json | 84 + .../sourcecontrols/GetSourceControls.json | 87 + .../AppendTagsThreatIntelligence.json | 20 + .../CollectThreatIntelligenceMetrics.json | 45 + .../CreateThreatIntelligence.json | 102 + .../DeleteThreatIntelligence.json | 15 + .../GetThreatIntelligence.json | 78 + .../GetThreatIntelligenceById.json | 45 + .../PostThreatIntelligenceCount.json | 32 + .../PostThreatIntelligenceQuery.json | 124 + .../QueryThreatIntelligence.json | 109 + .../ReplaceTagsThreatIntelligence.json | 54 + .../UpdateThreatIntelligence.json | 103 + .../triggerRuleRun_Post.json | 25 + .../triggeredAnalyticsRuleRun_Get.json | 31 + .../triggeredAnalyticsRuleRuns_Get.json | 50 + .../examples/watchlists/CreateWatchlist.json | 90 + .../CreateWatchlistAndWatchlistItems.json | 94 + .../watchlists/CreateWatchlistItem.json | 94 + .../examples/watchlists/DeleteWatchlist.json | 20 + .../watchlists/DeleteWatchlistItem.json | 17 + .../watchlists/GetWatchlistByAlias.json | 52 + .../watchlists/GetWatchlistItemById.json | 49 + .../watchlists/GetWatchlistItems.json | 52 + .../examples/watchlists/GetWatchlists.json | 55 + .../CreateJob.json | 26 + ...ateOrUpdateWorkspaceManagerAssignment.json | 64 + .../DeleteJob.json | 16 + .../DeleteWorkspaceManagerAssignment.json | 15 + .../GetAllJobs.json | 48 + .../GetAllWorkspaceManagerAssignments.json | 37 + .../workspaceManagerAssignments/GetJob.json | 45 + .../GetWorkspaceManagerAssignment.json | 34 + ...OrUpdateWorkspaceManagerConfiguration.json | 40 + .../DeleteWorkspaceManagerConfiguration.json | 15 + .../GetAllWorkspaceManagerConfigurations.json | 27 + .../GetWorkspaceManagerConfiguration.json | 24 + .../CreateOrUpdateWorkspaceManagerGroup.json | 55 + .../DeleteWorkspaceManagerGroup.json | 15 + .../GetAllWorkspaceManagerGroups.json | 32 + .../GetWorkspaceManagerGroup.json | 29 + .../CreateOrUpdateWorkspaceManagerMember.json | 43 + .../DeleteWorkspaceManagerMember.json | 15 + .../GetAllWorkspaceManagerMembers.json | 28 + .../GetWorkspaceManagerMember.json | 25 + .../preview/2025-10-01-preview/openapi.json | 31486 ++++++++++++++++ .../actions/CreateActionOfAlertRule.json | 4 +- .../actions/DeleteActionOfAlertRule.json | 4 +- .../actions/GetActionOfAlertRuleById.json | 4 +- .../actions/GetAllActionsByAlertRule.json | 4 +- .../GetAlertRuleTemplateById.json | 4 +- .../GetAlertRuleTemplates.json | 4 +- .../alertRules/CreateFusionAlertRule.json | 4 +- ...softSecurityIncidentCreationAlertRule.json | 4 +- .../alertRules/CreateScheduledAlertRule.json | 4 +- .../examples/alertRules/DeleteAlertRule.json | 4 +- .../examples/alertRules/GetAllAlertRules.json | 4 +- .../alertRules/GetFusionAlertRule.json | 4 +- ...softSecurityIncidentCreationAlertRule.json | 4 +- .../alertRules/GetScheduledAlertRule.json | 4 +- .../AutomationRules_CreateOrUpdate.json | 4 +- .../AutomationRules_Delete.json | 4 +- .../automationRules/AutomationRules_Get.json | 4 +- .../automationRules/AutomationRules_List.json | 4 +- .../examples/bookmarks/CreateBookmark.json | 4 +- .../examples/bookmarks/DeleteBookmark.json | 4 +- .../examples/bookmarks/GetBookmarkById.json | 4 +- .../examples/bookmarks/GetBookmarks.json | 4 +- .../contentPackages/GetPackageById.json | 4 +- .../examples/contentPackages/GetPackages.json | 4 +- .../GetProductPackageById.json | 4 +- .../contentPackages/GetProductPackages.json | 4 +- .../contentPackages/InstallPackage.json | 4 +- .../contentPackages/UninstallPackage.json | 4 +- .../contentTemplates/DeleteTemplate.json | 4 +- .../GetProductTemplateById.json | 4 +- .../contentTemplates/GetProductTemplates.json | 4 +- .../contentTemplates/GetTemplateById.json | 4 +- .../contentTemplates/GetTemplates.json | 4 +- .../contentTemplates/InstallTemplate.json | 4 +- ...teCustomizableDataConnectorDefinition.json | 4 +- .../DeleteDataConnectorDefinitionById.json | 4 +- ...stomizableDataConnectorDefinitionById.json | 4 +- .../GetDataConnectorDefinitions.json | 4 +- ...rosoftThreatIntelligenceDataConnector.json | 4 +- .../CreateOfficeDataConnetor.json | 4 +- ...derForThreatIntelligenceDataConnector.json | 4 +- ...CreateThreatIntelligenceDataConnector.json | 4 +- ...rosoftThreatIntelligenceDataConnector.json | 4 +- .../DeleteOfficeDataConnetor.json | 4 +- ...derForThreatIntelligenceDataConnector.json | 4 +- .../GetAmazonWebServicesCloudTrailById.json | 4 +- .../GetAzureActiveDirectoryById.json | 4 +- .../GetAzureAdvancedThreatProtectionById.json | 4 +- .../GetAzureSecurityCenterById.json | 4 +- .../dataConnectors/GetDataConnectors.json | 4 +- .../GetMicrosoftCloudAppSecurityById.json | 4 +- ...tDefenderAdvancedThreatProtectionById.json | 4 +- .../GetMicrosoftThreatIntelligenceById.json | 4 +- .../GetOfficeDataConnetorById.json | 4 +- ...softDefenderForThreatIntelligenceById.json | 4 +- .../dataConnectors/GetRestApiPollerById.json | 4 +- .../GetThreatIntelligenceById.json | 4 +- .../examples/incidents/CreateIncident.json | 4 +- .../examples/incidents/DeleteIncident.json | 4 +- .../incidents/GetAllIncidentAlerts.json | 4 +- .../incidents/GetAllIncidentBookmarks.json | 4 +- .../incidents/GetAllIncidentEntities.json | 4 +- .../examples/incidents/GetIncidentById.json | 4 +- .../examples/incidents/GetIncidents.json | 4 +- .../comments/CreateIncidentComment.json | 4 +- .../comments/DeleteIncidentComment.json | 4 +- .../comments/GetAllIncidentComments.json | 4 +- .../comments/GetIncidentCommentById.json | 4 +- .../relations/CreateIncidentRelation.json | 4 +- .../relations/DeleteIncidentRelation.json | 4 +- .../relations/GetAllIncidentRelations.json | 4 +- .../relations/GetIncidentRelationByName.json | 4 +- .../tasks/IncidentTasks_CreateOrUpdate.json | 4 +- .../incidents/tasks/IncidentTasks_Delete.json | 4 +- .../incidents/tasks/IncidentTasks_Get.json | 4 +- .../incidents/tasks/IncidentTasks_List.json | 4 +- .../manualTrigger/Entities_RunPlaybook.json | 4 +- .../manualTrigger/Incidents_RunPlaybook.json | 4 +- .../examples/metadata/DeleteMetadata.json | 4 +- .../examples/metadata/GetAllMetadata.json | 4 +- .../metadata/GetAllMetadataOData.json | 4 +- .../examples/metadata/GetMetadata.json | 4 +- .../examples/metadata/PatchMetadata.json | 4 +- .../examples/metadata/PutMetadata.json | 8 +- .../examples/metadata/PutMetadataMinimal.json | 8 +- .../CreateSentinelOnboardingState.json | 4 +- .../DeleteSentinelOnboardingState.json | 4 +- .../GetAllSentinelOnboardingStates.json | 4 +- .../GetSentinelOnboardingState.json | 4 +- .../examples/operations/ListOperations.json | 4 +- .../repositories/GetRepositories.json | 4 +- ...eateAnomalySecurityMLAnalyticsSetting.json | 4 +- .../DeleteSecurityMLAnalyticsSetting.json | 4 +- .../GetAllSecurityMLAnalyticsSettings.json | 4 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 4 +- .../sourcecontrols/CreateSourceControl.json | 4 +- .../sourcecontrols/DeleteSourceControl.json | 4 +- .../sourcecontrols/GetSourceControlById.json | 4 +- .../sourcecontrols/GetSourceControls.json | 4 +- .../AppendTagsThreatIntelligence.json | 4 +- .../CollectThreatIntelligenceMetrics.json | 4 +- .../CreateThreatIntelligence.json | 4 +- .../DeleteThreatIntelligence.json | 4 +- .../GetThreatIntelligence.json | 4 +- .../GetThreatIntelligenceById.json | 4 +- .../QueryThreatIntelligence.json | 4 +- .../ReplaceTagsThreatIntelligence.json | 4 +- .../UpdateThreatIntelligence.json | 4 +- .../examples/watchlists/CreateWatchlist.json | 4 +- .../CreateWatchlistAndWatchlistItems.json | 4 +- .../watchlists/CreateWatchlistItem.json | 4 +- .../examples/watchlists/DeleteWatchlist.json | 4 +- .../watchlists/DeleteWatchlistItem.json | 4 +- .../watchlists/GetWatchlistByAlias.json | 4 +- .../watchlists/GetWatchlistItemById.json | 4 +- .../watchlists/GetWatchlistItems.json | 4 +- .../examples/watchlists/GetWatchlists.json | 4 +- .../stable/2025-09-01/openapi.json | 18016 +++++++++ 770 files changed, 93105 insertions(+), 121 deletions(-) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/CreateActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/DeleteAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetDataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetRestApiPollerById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/CreateIncident.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/DeleteIncident.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/CreateIncidentComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/DeleteIncidentComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetAllIncidentComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetIncidentCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetAllIncidentRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..aaab8f022dce --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/CreateActionOfAlertRule.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + }, + "operationId": "Actions_CreateOrUpdate", + "title": "Creates or updates an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/DeleteActionOfAlertRule.json new file mode 100644 index 000000000000..9f9b3b6dd58f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Actions_Delete", + "title": "Delete an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetActionOfAlertRuleById.json new file mode 100644 index 000000000000..afc0674932e7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + }, + "operationId": "Actions_Get", + "title": "Get an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetAllActionsByAlertRule.json new file mode 100644 index 000000000000..d2639f8a9aa7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + }, + "operationId": "Actions_ListByAlertRule", + "title": "Get all actions of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 000000000000..9183cc6f1d5a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2021-02-27T10:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "version": "1.0.2", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "IPCustomEntity" + } + ] + } + ], + "customDetails": { + "EventNames": "EventName", + "EventTypes": "EventTypeName" + }, + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert on event {{EventName}}", + "alertDescriptionFormat": "Suspicious activity was made by {{AccountCustomEntity}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "alertRulesCreatedByTemplateCount": 0 + } + } + } + }, + "operationId": "AlertRuleTemplates_Get", + "title": "Get alert rule template by Id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 000000000000..27a7811f2202 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,88 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2021-02-27T10:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "version": "1.0.1", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "lastUpdatedDateUTC": "2021-03-27T10:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2021-05-27T10:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + }, + "operationId": "AlertRuleTemplates_List", + "title": "Get all alert rule templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateFusionAlertRule.json new file mode 100644 index 000000000000..a348f93116bd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..7d563cbc0b32 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..e655e85be599 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,283 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerThreshold": 0, + "triggerOperator": "GreaterThan", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/DeleteAlertRule.json new file mode 100644 index 000000000000..0eed9728b604 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/DeleteAlertRule.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "AlertRules_Delete", + "title": "Delete an alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetAllAlertRules.json new file mode 100644 index 000000000000..2c2af1a8a1e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetAllAlertRules.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": false, + "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" + } + } + ] + } + } + }, + "operationId": "AlertRules_List", + "title": "Get all alert rules." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..20c996089dca --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetFusionAlertRule.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..0172f7f5929b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..338919c51082 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..e65cfaea7a01 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_CreateOrUpdate.json @@ -0,0 +1,173 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "automationRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + }, + "operationId": "AutomationRules_CreateOrUpdate", + "title": "AutomationRules_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..ad6e9d720434 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Delete.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + }, + "operationId": "AutomationRules_Delete", + "title": "AutomationRules_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..9612a1def28c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_Get.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + }, + "operationId": "AutomationRules_Get", + "title": "AutomationRules_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..cdb0a2cf5556 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/automationRules/AutomationRules_List.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + }, + "operationId": "AutomationRules_List", + "title": "AutomationRules_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/CreateBookmark.json new file mode 100644 index 000000000000..f1c538c2bf52 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/CreateBookmark.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + } + }, + "operationId": "Bookmarks_CreateOrUpdate", + "title": "Creates or updates a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..6607f5be9046 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/DeleteBookmark.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Bookmarks_Delete", + "title": "Delete a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarkById.json new file mode 100644 index 000000000000..eaddbd1b5c9c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarkById.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + } + }, + "operationId": "Bookmarks_Get", + "title": "Get a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarks.json new file mode 100644 index 000000000000..e96d7584c577 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/bookmarks/GetBookmarks.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + ] + } + } + }, + "operationId": "Bookmarks_List", + "title": "Get all bookmarks." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackageById.json new file mode 100644 index 000000000000..f16b6ccf39dd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackageById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ContentPackages_Get", + "title": "Get installed packages by id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackages.json new file mode 100644 index 000000000000..03c3821992a4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetPackages.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "contentSchemaVersion": "3.0.0", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + }, + "operationId": "ContentPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackageById.json new file mode 100644 index 000000000000..88ab8b691d62 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackageById.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01", + "packageContent": "JSON string of the package" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ProductPackage_Get", + "title": "Get a package." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackages.json new file mode 100644 index 000000000000..81f0e7eeec58 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/GetProductPackages.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$search": "midnight blizzard" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + }, + "operationId": "ProductPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/InstallPackage.json new file mode 100644 index 000000000000..55c8470b97b6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/InstallPackage.json @@ -0,0 +1,153 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str", + "packageInstallationProperties": { + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ContentPackage_Install", + "title": "Install a package to the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/UninstallPackage.json new file mode 100644 index 000000000000..0858cd646384 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentPackages/UninstallPackage.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentPackage_Uninstall", + "title": "Uninstall a package from the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/DeleteTemplate.json new file mode 100644 index 000000000000..482e614a6a6b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/DeleteTemplate.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentTemplate_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplateById.json new file mode 100644 index 000000000000..d1d109ee270e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplateById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ProductTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplates.json new file mode 100644 index 000000000000..872ccca49b75 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetProductTemplates.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + }, + "operationId": "ProductTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplateById.json new file mode 100644 index 000000000000..2cff0c319045 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplateById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ContentTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplates.json new file mode 100644 index 000000000000..beba72a9fc90 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/GetTemplates.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageVersion": "1.0.0", + "version": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + }, + "operationId": "ContentTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/InstallTemplate.json new file mode 100644 index 000000000000..ac038c19166e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/contentTemplates/InstallTemplate.json @@ -0,0 +1,230 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "packageVersion": "1.0.0", + "packageId": "str.azure-sentinel-solution-str", + "packageName": "str", + "packageKind": "Solution", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "version": "1.0.0", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + } + } + } + ] + } + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + }, + "operationId": "ContentTemplate_Install", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json new file mode 100644 index 000000000000..61c9dc0fc4d3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -0,0 +1,260 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "connectorDefinitionInput": { + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "title": "Create data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..2c85da32471a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectorDefinitions_Delete", + "title": "Delete data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json new file mode 100644 index 000000000000..d35183adbf6c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + }, + "connectionsConfig": { + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_Get", + "title": "Get customize data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..ce38a539e119 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + ] + } + } + }, + "operationId": "DataConnectorDefinitions_List", + "title": "Get all data connector definitions." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..1f59f6bd94b0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "dataConnector": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "2024-11-01T00:00:00Z" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "2024-11-01T00:00:00Z" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "2024-11-01T00:00:00Z" + } + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a MicrosoftThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 000000000000..849e1a1f98c3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..68cbc31fe33c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "dataConnector": { + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798", + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "dataTypes": { + "connector": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..58985e33d7dc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Threat Intelligence Platform data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..d3d337e7cf58 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 000000000000..ea250f5db303 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..0dc174d7ab93 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..85346d69326b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AwsCloudTrail data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 000000000000..1e1680e6fb80 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AAD data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..09cee7a447d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AATP data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 000000000000..a32a743ee605 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a ASC data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetDataConnectors.json new file mode 100644 index 000000000000..b96d82b1d6d5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetDataConnectors.json @@ -0,0 +1,148 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + ] + } + } + }, + "operationId": "DataConnectors_List", + "title": "Get all data connectors." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 000000000000..0a0d916d28b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MCAS data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..b69f62017d7e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MDATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 000000000000..a872a9b56369 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "2024-11-01T00:00:00Z" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 000000000000..a871f8ad8576 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json new file mode 100644 index 000000000000..85f9d8998b3a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "name": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "etag": "d30049a2-0000-0800-0000-658ca2270000", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "lookbackPeriod": "2023-12-26T22:16:07Z", + "requiredSKUsPresent": false, + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetRestApiPollerById.json new file mode 100644 index 000000000000..aaa1d65f9f28 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetRestApiPollerById.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/RestApiPoller_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "RestApiPoller", + "properties": { + "connectorDefinitionName": "RestApiPollerDefinition", + "auth": { + "type": "APIKey", + "apiKey": "6bec40cf957de430a6f1f2baa056b99a4fac9ea0", + "apiKeyName": "X-Cisco-Meraki-API-Key" + }, + "dcrConfig": { + "streamName": "Meraki", + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "request": { + "apiEndpoint": "https://api.meraki.com/api/v1/organizations/573083052582915028/networks", + "rateLimitQPS": 10, + "queryWindowInMin": 6, + "httpMethod": "GET", + "queryTimeFormat": "UnixTimestamp", + "startTimeAttributeName": "t0", + "endTimeAttributeName": "t1", + "retryCount": 3, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "perPage": 1000 + } + }, + "paging": { + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a RestApiPoller data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..2c2d273b5ecd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/CreateIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/CreateIncident.json new file mode 100644 index 000000000000..e143cd528d31 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/CreateIncident.json @@ -0,0 +1,110 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + } + }, + "operationId": "Incidents_CreateOrUpdate", + "title": "Creates or updates an incident." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/DeleteIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/DeleteIncident.json new file mode 100644 index 000000000000..32ac83ceb48c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/DeleteIncident.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Incidents_Delete", + "title": "Delete an incident." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentAlerts.json new file mode 100644 index 000000000000..90d1a51b3c01 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentAlerts.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.6158361Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.6158361Z", + "startTimeUtc": "2020-07-20T18:21:53.6158361Z", + "timeGenerated": "2020-07-20T18:21:53.6158361Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + }, + "operationId": "Incidents_ListAlerts", + "title": "Get all incident alerts." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentBookmarks.json new file mode 100644 index 000000000000..1237931f5ad4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentBookmarks.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + }, + "operationId": "Incidents_ListBookmarks", + "title": "Get all incident bookmarks." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentEntities.json new file mode 100644 index 000000000000..e684352f744f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetAllIncidentEntities.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + }, + "operationId": "Incidents_ListEntities", + "title": "Gets all incident related entities" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidentById.json new file mode 100644 index 000000000000..1861aca57608 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidentById.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ] + } + } + } + } + }, + "operationId": "Incidents_Get", + "title": "Get an incident." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidents.json new file mode 100644 index 000000000000..66f8065270bd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/GetIncidents.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "Persistence" + ] + } + } + } + ] + } + } + }, + "operationId": "Incidents_List", + "title": "Get all incidents." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/CreateIncidentComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/CreateIncidentComment.json new file mode 100644 index 000000000000..448d8980f60f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/CreateIncidentComment.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-04T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + }, + "operationId": "IncidentComments_CreateOrUpdate", + "title": "Creates or updates an incident comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/DeleteIncidentComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/DeleteIncidentComment.json new file mode 100644 index 000000000000..3de47c58b4ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/DeleteIncidentComment.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentComments_Delete", + "title": "Delete the incident comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetAllIncidentComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetAllIncidentComments.json new file mode 100644 index 000000000000..1c655eecf718 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetAllIncidentComments.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + }, + "operationId": "IncidentComments_List", + "title": "Get all incident comments." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetIncidentCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetIncidentCommentById.json new file mode 100644 index 000000000000..6b93d9924440 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/comments/GetIncidentCommentById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + }, + "operationId": "IncidentComments_Get", + "title": "Get an incident comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..e201973ec8ca --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_CreateOrUpdate", + "title": "Creates or updates an incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..e5f7e1d8c81a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentRelations_Delete", + "title": "Delete the incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..8abbb1d7ca94 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + }, + "operationId": "IncidentRelations_List", + "title": "Get all incident relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 000000000000..da9acd439ee0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_Get", + "title": "Get an incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..43a38164869e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_CreateOrUpdate.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentTask": { + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + }, + "operationId": "IncidentTasks_CreateOrUpdate", + "title": "IncidentTasks_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..8450cea7adae --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Delete.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentTasks_Delete", + "title": "IncidentTasks_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..c0998ba35664 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_Get.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + }, + "operationId": "IncidentTasks_Get", + "title": "IncidentTasks_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_List.json new file mode 100644 index 000000000000..03e85900ee10 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/incidents/tasks/IncidentTasks_List.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + }, + "operationId": "IncidentTasks_List", + "title": "IncidentTasks_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Entities_RunPlaybook.json new file mode 100644 index 000000000000..f523ed0a8c64 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Entities_RunPlaybook.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd", + "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + } + }, + "responses": { + "204": {} + }, + "operationId": "Entities_RunPlaybook", + "title": "Entities_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Incidents_RunPlaybook.json new file mode 100644 index 000000000000..b4385e860728 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/manualTrigger/Incidents_RunPlaybook.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + } + }, + "responses": { + "204": {} + }, + "operationId": "Incidents_RunPlaybook", + "title": "Incidents_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/DeleteMetadata.json new file mode 100644 index 000000000000..d1fcce457be2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/DeleteMetadata.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Metadata_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadata.json new file mode 100644 index 000000000000..d4c35b51958f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadata.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "version": "1.0.0.0", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadataOData.json new file mode 100644 index 000000000000..05c202272be5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetAllMetadataOData.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata with OData filter/orderby/skip/top" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetMetadata.json new file mode 100644 index 000000000000..a94c22a48faa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/GetMetadata.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + }, + "operationId": "Metadata_Get", + "title": "Get single metadata by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PatchMetadata.json new file mode 100644 index 000000000000..15b64548dd5c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PatchMetadata.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + } + }, + "operationId": "Metadata_Update", + "title": "Update metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadata.json new file mode 100644 index 000000000000..fb91d0a08d12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadata.json @@ -0,0 +1,288 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector", + "name": "Microsoft Defender for Endpoint" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update full metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadataMinimal.json new file mode 100644 index 000000000000..ff0ac95ad620 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/metadata/PutMetadataMinimal.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update minimal metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 000000000000..f5869560df6b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Create", + "title": "Create Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 000000000000..777fa941f79f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SentinelOnboardingStates_Delete", + "title": "Delete Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 000000000000..05e24fea5dfc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + }, + "operationId": "SentinelOnboardingStates_List", + "title": "Get all Sentinel onboarding states" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 000000000000..6c4563838d60 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Get", + "title": "Get Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/operations/ListOperations.json new file mode 100644 index 000000000000..1733838bc635 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/operations/ListOperations.json @@ -0,0 +1,565 @@ +{ + "parameters": { + "api-version": "2025-09-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Operations", + "operation": "Get Operations", + "description": "Gets operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Get Automation Rules", + "description": "Gets an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Update Automation Rules", + "description": "Updates an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Delete Automation Rules", + "description": "Deletes an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Get Bookmarks", + "description": "Gets bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Update Bookmarks", + "description": "Updates bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Delete Bookmarks", + "description": "Deletes bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Expand on entity", + "description": "Gets related entities of an entity by a specific expansion" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Get Bookmark Relations", + "description": "Gets a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Update Bookmark Relations", + "description": "Updates a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Delete Bookmark Relations", + "description": "Deletes a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Get Alert Rules", + "description": "Gets the alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Update Alert Rules", + "description": "Updates alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Delete Alert Rules", + "description": "Deletes alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Get Alert Rule Response Actions", + "description": "Gets the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Update Alert Rule Response Actions", + "description": "Updates the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Delete Alert Rule Response Actions", + "description": "Deletes the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Get Data Connectors", + "description": "Gets the data connectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Update Data Connectors", + "description": "Updates a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Delete a Data Connector", + "description": "Deletes a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements", + "operation": "Check user authorization and license", + "description": "Check user authorization and license" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Get Incidents", + "description": "Gets an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Update Incidents", + "description": "Updates an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Delete Incidents", + "description": "Deletes an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Get Incident Comments", + "description": "Gets the incident comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Create Incident Comments", + "description": "Creates a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Delete Incident Comment", + "description": "Deletes a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Get Incident Relations", + "description": "Gets a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Update Incident Relations", + "description": "Updates a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Delete Incident Relations", + "description": "Deletes a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence", + "description": "Gets Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence", + "description": "Updates Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence", + "description": "Deletes Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence", + "description": "Query Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence", + "description": "Bulk Delete Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence", + "description": "Bulk Tags Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence Indicators", + "description": "Updates Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence Indicators", + "description": "Deletes Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicator Metrics", + "description": "Get Threat Intelligence Indicator Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence Indicators", + "description": "Bulk Delete Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence Indicators", + "description": "Bulk Tags Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicators", + "description": "Gets Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Create Threat Intelligence Indicator", + "description": "Create Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Append tags to Threat Intelligence Indicator", + "description": "Append tags to Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Replace Tags of Threat Intelligence Indicator", + "description": "Replace Tags of Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Get Watchlists", + "description": "Gets Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Create Watchlists", + "description": "Create Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Delete Watchlists", + "description": "Deletes Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Get Onboarding States", + "description": "Gets an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Update Onboarding States", + "description": "Updates an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Delete Onboarding States", + "description": "Deletes an onboarding state" + }, + "origin": "user" + } + ] + } + } + }, + "operationId": "Operations_List", + "title": "Get all operations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/repositories/GetRepositories.json new file mode 100644 index 000000000000..47709bb8d569 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/repositories/GetRepositories.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "repoType": "Github", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "repositoryAccess": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "url": "https://api.github.com/repos/user/reponame", + "fullName": "reponame", + "installationId": 42424242, + "branches": [ + "master", + "develop" + ] + } + ] + } + } + }, + "operationId": "SourceControl_listRepositories", + "title": "Get repository list." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..9796a3275c25 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,247 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "securityMLAnalyticsSetting": { + "kind": "Anomaly", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "title": "Creates or updates a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..0eef880a5b2c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SecurityMLAnalyticsSettings_Delete", + "title": "Delete a Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..6ae81d2a442e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + ] + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_List", + "title": "Get all Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..26dbba0d5cee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "myFirstAnomalySettings" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_Get", + "title": "Get a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/CreateSourceControl.json new file mode 100644 index 000000000000..59b2224044bd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,178 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My Source Control", + "description": "This is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo" + }, + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d" + }, + "workloadIdentityFederation": { + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "subject": "repo:user/repo:ref:refs/heads/branch", + "issuer": "https://token.actions.githubusercontent.com" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d" + }, + "workloadIdentityFederation": { + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "subject": "repo:user/repo:ref:refs/heads/branch", + "issuer": "https://token.actions.githubusercontent.com" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + }, + "operationId": "SourceControls_Create", + "title": "Creates or updates a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..0d4d928fa31f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "repositoryAccess": { + "properties": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "warning": { + "code": "SourceControlWarning_DeleteServicePrincipal", + "message": "ServicePrincipal has not been removed due to insufficient permissions." + } + } + } + }, + "operationId": "SourceControls_Delete", + "title": "Delete a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControlById.json new file mode 100644 index 000000000000..eb5fef743d59 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d" + }, + "workloadIdentityFederation": { + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "subject": "repo:user/repo:ref:refs/heads/branch", + "issuer": "https://token.actions.githubusercontent.com" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + }, + "operationId": "SourceControls_Get", + "title": "Get a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..fdc50821112f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/sourcecontrols/GetSourceControls.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d" + }, + "workloadIdentityFederation": { + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce", + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "subject": "repo:user/repo:ref:refs/heads/branch", + "issuer": "https://token.actions.githubusercontent.com" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + ] + } + } + }, + "operationId": "SourceControls_List", + "title": "Get all source controls." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..8098c65eed69 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + }, + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "title": "Append tags to a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..aa694061d3f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z", + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ], + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ] + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "title": "Get threat intelligence indicators metrics." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 000000000000..870708c1d659 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "title": "Create a new Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 000000000000..cbf7ab22e809 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ThreatIntelligenceIndicator_Delete", + "title": "Delete a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 000000000000..2aa8a201c3b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicators_List", + "title": "Get all threat intelligence indicators" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..9cb36b6a361b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:18:49.2259902Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Get", + "title": "View a threat intelligence indicator by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 000000000000..78e88b0731ef --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,110 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceFilteringCriteria": { + "pageSize": 100, + "minConfidence": 25, + "maxConfidence": 80, + "minValidUntil": "2020-04-05T17:44:00.114052Z", + "maxValidUntil": "2020-04-25T17:44:00.114052Z", + "sources": [ + "Azure Sentinel" + ], + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators 2", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "valueType": "0", + "value": "SSH-2.0-PuTTY_Release_0.64" + }, + { + "valueType": "1", + "value": "194.88.106.146" + } + ] + } + ] + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "title": "Query threat intelligence indicators as per filtering criteria" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 000000000000..dc7fe8f245f1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T19:56:08.828946Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "title": "Replace tags to a Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 000000000000..240d2d14003a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,104 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Create", + "title": "Update a threat Intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlist.json new file mode 100644 index 000000000000..dafa79837c74 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlist.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 000000000000..f6e7718ad702 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "itemsSearchKey": "header1", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist and bulk creates watchlist items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..65014b946cc3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/CreateWatchlistItem.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + }, + "operationId": "WatchlistItems_CreateOrUpdate", + "title": "Create or update a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..f3e6ce697002 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlist.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-09-01" + } + }, + "204": {} + }, + "operationId": "Watchlists_Delete", + "title": "Delete a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..a490fb47f40c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WatchlistItems_Delete", + "title": "Delete a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistByAlias.json new file mode 100644 index 000000000000..6f99692342d9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "Watchlists_Get", + "title": "Get a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItemById.json new file mode 100644 index 000000000000..a316617bd025 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItemById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + }, + "operationId": "WatchlistItems_Get", + "title": "Get a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..6c41edaa8c85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlistItems.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + }, + "operationId": "WatchlistItems_List", + "title": "Get all watchlist Items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlists.json new file mode 100644 index 000000000000..f3c0c1709439 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-09-01/watchlists/GetWatchlists.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-09-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + }, + "operationId": "Watchlists_List", + "title": "Get all watchlists." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..904a708a9307 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" + } + }, + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + }, + "201": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + } + }, + "operationId": "Actions_CreateOrUpdate", + "title": "Creates or updates an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json new file mode 100644 index 000000000000..50a35e1faa08 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Actions_Delete", + "title": "Delete an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json new file mode 100644 index 000000000000..e20a17f7e113 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + } + }, + "operationId": "Actions_Get", + "title": "Get an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json new file mode 100644 index 000000000000..c714a8c19cbb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + ] + } + } + }, + "operationId": "Actions_ListByAlertRule", + "title": "Get all actions of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 000000000000..496c91335378 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "kind": "Scheduled", + "properties": { + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-02-27T00:00:00Z", + "displayName": "Changes to Amazon VPC settings", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "severity": "Low", + "status": "Available", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "version": "1.0.2" + } + } + } + }, + "operationId": "AlertRuleTemplates_Get", + "title": "Get alert rule template by Id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 000000000000..c668f6fb25b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,240 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "kind": "Scheduled", + "properties": { + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-02-27T00:00:00Z", + "displayName": "Changes to Amazon VPC settings", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "severity": "Low", + "status": "Available", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "version": "1.0.1" + } + }, + { + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-07-25T00:00:00Z", + "displayName": "Advanced Multi-Stage Attack Detection", + "lastUpdatedDateUTC": "2021-06-09T00:00:00Z", + "severity": "High", + "sourceSettings": [ + { + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "severityFilter": { + "enabled": false, + "isSupported": false, + "severityFilters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "status": "Available", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + }, + { + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-07-16T00:00:00Z", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "productFilter": "Microsoft Cloud App Security", + "status": "Available" + } + } + ] + } + } + }, + "operationId": "AlertRuleTemplates_List", + "title": "Get all alert rule templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json new file mode 100644 index 000000000000..de859447a683 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,847 @@ +{ + "parameters": { + "alertRule": { + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "kind": "Fusion", + "properties": { + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + }, + "201": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json new file mode 100644 index 000000000000..8704695ada31 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -0,0 +1,853 @@ +{ + "parameters": { + "alertRule": { + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "kind": "Fusion", + "properties": { + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + }, + "201": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "scenarioExclusionPatterns": [ + { + "dateAddedInUTC": "2021-10-01T15:26:44.9429806Z", + "exclusionPattern": "Alert providers:Azure Active Directory Identity Protection:Infected Device;Alert providers:Azure Defender:Crypto-mining activity" + } + ], + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule with scenario exclusion pattern." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..8a4dc53bdcde --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "displayName": "testing displayname", + "enabled": true, + "productFilter": "Microsoft Cloud App Security" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + }, + "201": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json new file mode 100644 index 000000000000..0dcb19cffe8f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "NRT", + "properties": { + "description": "", + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Nrt alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..fcdf6f051351 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,272 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "sentinelEntitiesMappings": [ + { + "columnName": "Entities" + } + ], + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json new file mode 100644 index 000000000000..e36b7ad6cf72 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "AlertRules_Delete", + "title": "Delete an alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json new file mode 100644 index 000000000000..6898cf34c528 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json @@ -0,0 +1,414 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + }, + { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2021-10-22T07:12:34.9065092Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeDisplayName": "Palo Alto Networks", + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + ] + } + } + }, + "operationId": "AlertRules_List", + "title": "Get all alert rules." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..a197f6d4b2cc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json @@ -0,0 +1,312 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeDisplayName": "Palo Alto Networks", + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..255c88719473 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json new file mode 100644 index 000000000000..1c442acce98a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get an Nrt alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..20b0d6faffd4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..bc9e6ba3ba25 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json @@ -0,0 +1,197 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRule": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + }, + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + } + }, + "operationId": "AutomationRules_CreateOrUpdate", + "title": "AutomationRules_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..30b0a0750183 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + }, + "operationId": "AutomationRules_Delete", + "title": "AutomationRules_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..25dd678a62c1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + } + }, + "operationId": "AutomationRules_Get", + "title": "AutomationRules_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..06938a8edaf3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + ] + } + } + }, + "operationId": "AutomationRules_List", + "title": "AutomationRules_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json new file mode 100644 index 000000000000..c313c69cd08b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + ] + } + } + }, + "operationId": "BillingStatistics_List", + "title": "Get all Microsoft Sentinel billing statistics." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json new file mode 100644 index 000000000000..b87f2405268d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "billingStatisticName": "sapSolutionUsage", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + } + }, + "operationId": "BillingStatistics_Get", + "title": "Get a billing statistic." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json new file mode 100644 index 000000000000..e4cd4ee0d9e0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + }, + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + } + }, + "operationId": "Bookmarks_CreateOrUpdate", + "title": "Creates or updates a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..7267218ea596 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Bookmarks_Delete", + "title": "Delete a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json new file mode 100644 index 000000000000..42e7903ad67e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018", + "severity": "Low", + "title": "New case 1" + }, + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + } + }, + "operationId": "Bookmarks_Get", + "title": "Get a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json new file mode 100644 index 000000000000..1245a2723ee0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018", + "severity": "Low", + "title": "New case 1" + }, + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + ] + } + } + }, + "operationId": "Bookmarks_List", + "title": "Get all bookmarks." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json new file mode 100644 index 000000000000..86aaaa2f7efd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "parameters": { + "endTime": "2020-01-24T17:21:00.000Z", + "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", + "startTime": "2019-12-25T17:21:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 1, + "entityKind": "Account" + } + ] + }, + "value": { + "entities": [ + { + "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "kind": "Account", + "properties": { + "accountName": "administrator", + "friendlyName": "administrator", + "ntDomain": "domain" + } + } + ] + } + } + } + }, + "operationId": "Bookmark_Expand", + "title": "Expand an bookmark" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json new file mode 100644 index 000000000000..1098ef7804b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" + } + }, + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "BookmarkRelations_CreateOrUpdate", + "title": "Creates or updates a bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json new file mode 100644 index 000000000000..a5df79a55a5f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "BookmarkRelations_Delete", + "title": "Delete the bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json new file mode 100644 index 000000000000..dd54eb3403f5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + }, + "operationId": "BookmarkRelations_List", + "title": "Get all bookmark relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json new file mode 100644 index 000000000000..f62ee44a9e95 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "BookmarkRelations_Get", + "title": "Get a bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json new file mode 100644 index 000000000000..27e5dcd98604 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentPackages_Get", + "title": "Get installed packages by id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json new file mode 100644 index 000000000000..93c2dcf43017 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentSchemaVersion": "3.0.0", + "displayName": "str", + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ContentPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json new file mode 100644 index 000000000000..22893b851531 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "packageContent": "JSON string of the package", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ProductPackage_Get", + "title": "Get a package." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json new file mode 100644 index 000000000000..aca44ad14b43 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json @@ -0,0 +1,80 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ProductPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json new file mode 100644 index 000000000000..efb0fb10a224 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json @@ -0,0 +1,153 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "packageInstallationProperties": { + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0" + }, + "tags": { + "tag1": "str" + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentPackage_Install", + "title": "Install a package to the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json new file mode 100644 index 000000000000..eabb93b3efdf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentPackage_Uninstall", + "title": "Uninstall a package from the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json new file mode 100644 index 000000000000..f7db695affcd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentTemplate_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json new file mode 100644 index 000000000000..3100fa1caa9f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "mainTemplate": {}, + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ProductTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json new file mode 100644 index 000000000000..1d5ea99396f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ProductTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json new file mode 100644 index 000000000000..f08c78ea65e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "mainTemplate": {}, + "packageId": "packageId", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json new file mode 100644 index 000000000000..e6cda61f8ab2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "packageId": "packageId", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ContentTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json new file mode 100644 index 000000000000..570e582f4123 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json @@ -0,0 +1,230 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "status": "Available", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.0" + } + } + ] + }, + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageName": "str", + "packageVersion": "1.0.0", + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "tags": { + "tag1": "str" + } + }, + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "API Protection workbook template", + "firstPublishDate": "2022-04-01", + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageVersion": "1.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "CiscoUmbrella", + "kind": "Solution", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "API Protection workbook template", + "firstPublishDate": "2022-04-01", + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageVersion": "1.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "CiscoUmbrella", + "kind": "Solution", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentTemplate_Install", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json new file mode 100644 index 000000000000..276d43278fcf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -0,0 +1,260 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectorDefinitionInput": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + }, + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "title": "GitHub Enterprise Audit Log" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "title": "GitHub Enterprise Audit Log" + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "title": "Create data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..3f018795ab7f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectorDefinitions_Delete", + "title": "Delete data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json new file mode 100644 index 000000000000..de82ef598b4d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "Customizable", + "properties": { + "connectionsConfig": { + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" + }, + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_Get", + "title": "Get customize data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..0695b0478edc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + } + ] + } + } + }, + "operationId": "DataConnectorDefinitions_List", + "title": "Get all data connector definitions." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 000000000000..a17ed7b55380 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection)." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 000000000000..33b0fdcebfc1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json new file mode 100644 index 000000000000..a65a42e1a9a8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json new file mode 100644 index 000000000000..c3eba3a6f79b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureSecurityCenter", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for ASC." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json new file mode 100644 index 000000000000..25fdc437183e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "Dynamics365", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Dynamics365." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json new file mode 100644 index 000000000000..96d65519068f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "IOT", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for IoT." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json new file mode 100644 index 000000000000..7f29906a1ce4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Mdatp." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json new file mode 100644 index 000000000000..81d953de9389 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Mcas." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json new file mode 100644 index 000000000000..a652570cce55 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftPurviewInformationProtection." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json new file mode 100644 index 000000000000..18e55f0d1888 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftThreatIntelligence." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json new file mode 100644 index 000000000000..8a1edf169f78 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftThreatProtection." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json new file mode 100644 index 000000000000..a82a9104c54b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "Office365Project", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Office365Project." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json new file mode 100644 index 000000000000..f3700725beae --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficeATP", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficeATP." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json new file mode 100644 index 000000000000..b3528f491472 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficeIRM", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficeIRM." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json new file mode 100644 index 000000000000..56a1de0cd2d4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficePowerBI", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficePowerBI." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json new file mode 100644 index 000000000000..c48c1c30ee20 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "PurviewAudit", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for PurviewAudit." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json new file mode 100644 index 000000000000..5a7e0877f770 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for TI." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json new file mode 100644 index 000000000000..ff35b1c6e3e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for TI Taxii." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json new file mode 100644 index 000000000000..706796c34271 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectBody": { + "apiKey": "123456789", + "kind": "APIKey", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Connect", + "title": "Connect an APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json new file mode 100644 index 000000000000..3d0746c25c48 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectBody": { + "apiKey": "123456789", + "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631", + "kind": "APIKey", + "outputStream": "Custom-MyTableRawData", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Connect", + "title": "Connect an APIPolling V2 logs data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json new file mode 100644 index 000000000000..18ffab7d617b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json @@ -0,0 +1,370 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + }, + "201": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 000000000000..ba1162e6ff90 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Dynamics365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json new file mode 100644 index 000000000000..b88373152062 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json @@ -0,0 +1,439 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + }, + "201": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json new file mode 100644 index 000000000000..013828b0db9e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + }, + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + }, + "201": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..36b05de8f57e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..bfe4029ef57c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + }, + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + }, + "201": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Microsoft Threat Intelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json new file mode 100644 index 000000000000..e0d8c784b0db --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled55" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a MicrosoftThreatProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..c52fa5e303a9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 000000000000..5bbc97a44fdb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json new file mode 100644 index 000000000000..9a6eb564bab0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..042a6d8d0eb8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + }, + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + }, + "201": { + "body": { + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json new file mode 100644 index 000000000000..cdeeed502215 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "OFFICEPOWERAUTOMATE_RESTAPI" + }, + "sourceType": "MicrosoftFlow", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..fd604155a11b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Threat Intelligence Platform data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 000000000000..ffbf6247cef8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": "--", + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": "--", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": null, + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": null, + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": null, + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": null, + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Threat Intelligence Taxii data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json new file mode 100644 index 000000000000..133a3dfa341d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json new file mode 100644 index 000000000000..953a92a9e054 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json new file mode 100644 index 000000000000..dc5648def492 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..87a923780d9a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..993e741d87f1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..072360884a5b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 000000000000..e6366574dbf6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json new file mode 100644 index 000000000000..0f697fb5bab7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..ef5fd2b3fcd0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json new file mode 100644 index 000000000000..a75742fcd00a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json new file mode 100644 index 000000000000..566a535f329a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "disconnectBody": {}, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Disconnect", + "title": "Disconnect an APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json new file mode 100644 index 000000000000..5454f3b02034 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..f09d00672ba1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AwsCloudTrail data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json new file mode 100644 index 000000000000..4c66c3e77416 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "AmazonWebServicesS3", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ] + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Aws S3 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 000000000000..e1bb71fe8ef9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "kind": "AzureActiveDirectory", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AADIP (Azure Active Directory Identity Protection) data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..e78ee70d0c7c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "kind": "AzureAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 000000000000..a703927809af --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "AzureSecurityCenter", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a ASC data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json new file mode 100644 index 000000000000..4764fd4e2720 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json @@ -0,0 +1,528 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "AzureSecurityCenter", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + }, + { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "My TI Taxii Connector", + "password": "", + "pollingFrequency": "OnceAMinute", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "userName": "", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2" + } + }, + { + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "kind": "AzureActiveDirectory", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "kind": "AzureAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "AmazonWebServicesS3", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ] + } + }, + { + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeATP", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + }, + { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + }, + { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + ] + } + } + }, + "operationId": "DataConnectors_List", + "title": "Get all data connectors." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 000000000000..5fa1f3f4e081 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a Dynamics365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json new file mode 100644 index 000000000000..56f2bd9f6b66 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json @@ -0,0 +1,158 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json new file mode 100644 index 000000000000..c13e6713d5f7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json new file mode 100644 index 000000000000..15e0c7ef86b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "kind": "IOT", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a IoT data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 000000000000..a7d731f16965 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MCAS data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..f9c359e48ccd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MDATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json new file mode 100644 index 000000000000..589c84e48df7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeIRM", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office IRM data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json new file mode 100644 index 000000000000..2c8ddc5321ad --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 000000000000..de5e448c5321 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 000000000000..7f6a4865694d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 000000000000..0af1417f716f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeATP", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office ATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json new file mode 100644 index 000000000000..215594eeab46 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 000000000000..01486ac3c6ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json new file mode 100644 index 000000000000..1c06fc94e372 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json new file mode 100644 index 000000000000..549b92b7dccb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d30049a2-0000-0800-0000-658ca2270000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2023-12-26T22:16:07Z", + "requiredSKUsPresent": false, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json new file mode 100644 index 000000000000..f8479de0daf7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json new file mode 100644 index 000000000000..68853ae70016 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/RestApiPoller_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "APIKey", + "apiKey": "6bec40cf957de430a6f1f2baa056b99a4fac9ea0", + "apiKeyName": "X-Cisco-Meraki-API-Key" + }, + "connectorDefinitionName": "RestApiPollerDefinition", + "dcrConfig": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId", + "streamName": "Meraki" + }, + "paging": { + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.meraki.com/api/v1/organizations/573083052582915028/networks", + "endTimeAttributeName": "t1", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "GET", + "queryParameters": { + "perPage": 1000 + }, + "queryTimeFormat": "UnixTimestamp", + "queryWindowInMin": 6, + "rateLimitQPS": 10, + "retryCount": 3, + "startTimeAttributeName": "t0", + "timeoutInSeconds": 60 + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a RestApiPoller data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..4afc00f7709b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 000000000000..fc6bce29fc75 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "My TI Taxii Connector", + "password": "", + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "userName": "", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI Taxii data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json new file mode 100644 index 000000000000..65e9ecde256c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "enrichmentType": "main", + "ipAddressBody": { + "ipAddress": "1.2.3.4" + }, + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + }, + "operationId": "ListGeodataByIp", + "title": "Get geodata for a single IP address" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json new file mode 100644 index 000000000000..8fffd157fcd0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "domainBody": { + "domain": "microsoft.com" + }, + "enrichmentType": "main", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "created": "2021-09-01T16:15:01.187045Z", + "domain": "microsoft.com", + "expires": null, + "parsedWhois": { + "contacts": { + "admin": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + }, + "billing": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + }, + "registrant": null, + "tech": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactEmail": "abuse@microsoft.com", + "abuseContactPhone": "12083895770", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + }, + "server": null, + "updated": "2021-09-01T16:15:01.187045Z" + } + } + }, + "operationId": "ListWhoisByDomain", + "title": "Get whois information for a single domain name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json new file mode 100644 index 000000000000..18384d06a41d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "accountName": "administrator", + "dnsDomain": "contoso.com", + "friendlyName": "administrator", + "isDomainJoined": true, + "ntDomain": "domain", + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "sid": "S-1-5-18", + "upnSuffix": "contoso" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an account entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json new file mode 100644 index 000000000000..5f75c80c157a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an azure resource entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json new file mode 100644 index 000000000000..6fbcf4dfc2a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "CloudApplication", + "properties": { + "appId": 1, + "appName": "AppName", + "friendlyName": "AppName", + "instanceName": "InstanceName" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a cloud application entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json new file mode 100644 index 000000000000..67caffabe17b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "kind": "DnsResolution", + "properties": { + "domainName": "domain", + "friendlyName": "domain", + "ipAddressEntityIds": [ + "475d3120-33e0-4841-9f1c-a8f15a801d19" + ] + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a dns entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json new file mode 100644 index 000000000000..0a2a9715c814 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "accountName": "administrator", + "friendlyName": "administrator", + "isDomainJoined": true, + "ntDomain": "domain", + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "sid": "S-1-5-18", + "upnSuffix": "contoso" + } + }, + { + "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "kind": "Host", + "properties": { + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "dnsDomain": "contoso", + "friendlyName": "vm1", + "hostName": "vm1", + "isDomainJoined": true, + "netBiosName": "contoso", + "ntDomain": "domain", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0" + } + }, + { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "File", + "properties": { + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe", + "friendlyName": "cmd.exe" + } + } + ] + } + } + }, + "operationId": "Entities_List", + "title": "Get all entities." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json new file mode 100644 index 000000000000..d8b9d15b57d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "File", + "properties": { + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe", + "friendlyName": "cmd.exe" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a file entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json new file mode 100644 index 000000000000..146bdf4137eb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", + "kind": "FileHash", + "properties": { + "algorithm": "SHA256", + "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", + "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a file hash entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json new file mode 100644 index 000000000000..7933acdd0cee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Host", + "properties": { + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "dnsDomain": "contoso", + "friendlyName": "vm1", + "hostName": "vm1", + "isDomainJoined": true, + "netBiosName": "contoso", + "ntDomain": "domain", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a host entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json new file mode 100644 index 000000000000..dc1bf231340a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "IoTDevice", + "properties": { + "deviceId": "device1", + "deviceName": "device1", + "deviceType": "Industrial", + "firmwareVersion": "20.11", + "friendlyName": "device1", + "importance": "Normal", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c", + "isAuthorized": true, + "isProgramming": false, + "isScanner": false, + "model": "demo-model", + "nicEntityIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2" + ], + "operatingSystem": "Windows", + "protocols": [ + "CIP", + "EtherNet/IP" + ], + "purdueLayer": "ProcessControl", + "sensor": "demo-sensor", + "site": "demo-site", + "vendor": "demo-vendor", + "zone": "zone" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an IoT device entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json new file mode 100644 index 000000000000..facf3c88998b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Ip", + "properties": { + "address": "10.3.2.8", + "friendlyName": "10.3.2.8" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an ip entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json new file mode 100644 index 000000000000..4061962acf8b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "MailCluster", + "properties": { + "clusterGroup": "cluster group", + "clusterSourceIdentifier": "cluster source identifier", + "clusterSourceType": "Similarity", + "countByDeliveryStatus": { + "deliveryStatus": 5 + }, + "countByProtectionStatus": { + "protectionStatus": 65 + }, + "countByThreatType": { + "threatType": 6 + }, + "friendlyName": "ClusterSourceIdentifier", + "networkMessageIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "query": "kqlFilter", + "queryTime": "2021-09-01T01:42:01.6026755Z", + "source": "ClusterSourceIdentifier", + "threats": [ + "thrreat1", + "thread2" + ] + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailCluster entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json new file mode 100644 index 000000000000..21cfe5b46dec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "MailMessage", + "properties": { + "deliveryAction": "Blocked", + "fileEntityIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "friendlyName": "cmd.exe", + "internetMessageId": "message id", + "p1Sender": "email@fake.com", + "p1SenderDisplayName": "p1 sender display name", + "p1SenderDomain": "p1 sender domain", + "p2Sender": "the sender", + "p2SenderDisplayName": "p2 sender display name", + "p2SenderDomain": "p2 Sender Domain", + "recipient": "recipient", + "senderIP": "1.23.34.43", + "subject": "subject", + "threatDetectionMethods": [ + "thrreat1", + "thread2" + ], + "threats": [ + "thrreat1", + "thread2" + ], + "urls": [ + "http://moqbrarcwmnk.banxhdcojlg.biz" + ], + "language": "language" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailMessage entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json new file mode 100644 index 000000000000..b746ebacbab2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Mailbox", + "properties": { + "displayName": "display name", + "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb", + "friendlyName": "emailAddress1", + "mailboxPrimaryAddress": "emailAddress1", + "upn": "upn1" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailbox entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json new file mode 100644 index 000000000000..1379e3c0c026 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "Malware", + "properties": { + "category": "Trojan", + "friendlyName": "Win32/Toga!rfn", + "malwareName": "Win32/Toga!rfn" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a malware entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json new file mode 100644 index 000000000000..767493a80ad0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "7264685c-038c-42c6-948c-38e14ef1fb98", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", + "kind": "Process", + "properties": { + "commandLine": "\"cmd\"", + "friendlyName": "cmd.exe", + "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e", + "processId": "0x2aa48" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a process entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json new file mode 100644 index 000000000000..589b412b6acd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json @@ -0,0 +1,458 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "kind": "Insight", + "properties": { + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "additionalQuery": { + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData", + "text": "See all account activity" + }, + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "chartQuery": { + "type": "BarChart", + "dataSets": [ + { + "legendColumnName": "OperationName", + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count" + } + ], + "title": "Actions by type" + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "defaultTimeRange": { + "afterRange": "12h", + "beforeRange": "12h" + }, + "displayName": "Actions on account", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": null, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + } + ] + } + } + }, + { + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "kind": "Insight", + "properties": { + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "additionalQuery": { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n", + "text": "Query all anomalous operations" + }, + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "Operation", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_" + } + ], + "title": "Anomalous operation timeline" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "defaultTimeRange": { + "afterRange": "0d", + "beforeRange": "1d" + }, + "displayName": "Anomalously high office operation count", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": { + "beforeRange": "12d" + }, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n", + "projectedName": "Operation" + } + ], + "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "summarize": "take 1" + } + ] + } + } + }, + { + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "kind": "Insight", + "properties": { + "description": "Provides the count and distinct resource accesses by a given user account\n", + "additionalQuery": { + "query": "where Operation in~ (Operations)", + "text": "See all resource activity" + }, + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "Legend", + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources" + }, + { + "legendColumnName": "Legend", + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources" + } + ], + "title": "Resource access over time" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "defaultTimeRange": { + "afterRange": "12h", + "beforeRange": "12h" + }, + "displayName": "Resource access", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": null, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "DistinctResources" + }, + { + "Query": "{{BaseQuery}} | ", + "projectedName": "TotalResources" + } + ], + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation" + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "DistinctResources" + }, + { + "Query": "{{BaseQuery}} | ", + "projectedName": "TotalResources" + } + ], + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation" + } + ] + } + } + }, + { + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "kind": "Insight", + "properties": { + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "additionalQuery": { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n", + "text": "Query all anomalous sign-in results" + }, + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "ResultDescription", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_" + } + ], + "title": "Anomalous sign-in result timeline" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "defaultTimeRange": { + "afterRange": "0d", + "beforeRange": "1d" + }, + "displayName": "Anomalously high Azure sign-in result count", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": { + "beforeRange": "12d" + }, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n", + "projectedName": "ResultDescription" + } + ], + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "summarize": "take 1" + } + ] + } + } + } + ] + } + } + }, + "operationId": "Entities_Queries", + "title": "Get Entity Query" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json new file mode 100644 index 000000000000..97b0af202cc2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "RegistryKey", + "properties": { + "friendlyName": "SOFTWARE", + "hive": "HKEY_LOCAL_MACHINE", + "key": "SOFTWARE" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a registry key entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json new file mode 100644 index 000000000000..1ea4061210fb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", + "kind": "RegistryValue", + "properties": { + "friendlyName": "Data", + "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "valueData": "Data", + "valueName": "Name", + "valueType": "String" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a registry value entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json new file mode 100644 index 000000000000..ec2ef6b36d2f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "kind": "SecurityAlert", + "properties": { + "description": "", + "additionalData": { + "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", + "Query Period": "05:00:00", + "Search Query Results Overall Count": "203", + "Total Account Entities": "1", + "Trigger Operator": "GreaterThan", + "Trigger Threshold": "200" + }, + "alertDisplayName": "Suspicious account detected", + "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus", + "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", + "confidenceLevel": "Unknown", + "endTimeUtc": "2021-09-01T13:21:45.926185Z", + "friendlyName": "Suspicious account detected", + "intent": "Unknown", + "processingEndTime": "2019-07-06T13:56:53.5392366Z", + "productComponentName": "Scheduled Alerts", + "productName": "Azure Sentinel", + "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", + "severity": "Medium", + "startTimeUtc": "2021-09-01T08:21:45.926185Z", + "status": "New", + "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "tactics": [ + "Persistence", + "LateralMovement" + ], + "timeGenerated": "2021-09-01T13:56:53.5392366Z", + "vendorName": "Microsoft" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a security alert entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json new file mode 100644 index 000000000000..61c65e82fea6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "SecurityGroup", + "properties": { + "distinguishedName": "Name", + "friendlyName": "Name", + "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98", + "sid": "Sid" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a security group entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json new file mode 100644 index 000000000000..c75910cfe173 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "SubmissionMail", + "properties": { + "friendlyName": "recipient", + "recipient": "recipient", + "reportType": "report type", + "sender": "sender", + "senderIp": "1.4.35.34", + "subject": "subject", + "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", + "submitter": "submitter" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a submissionMail entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json new file mode 100644 index 000000000000..288ccdadd996 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Url", + "properties": { + "friendlyName": "https://bing.com", + "url": "https://bing.com" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a url entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json new file mode 100644 index 000000000000..50ba865db62f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "endTime": "2019-05-26T00:00:00.000Z", + "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", + "startTime": "2019-04-25T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 1, + "entityKind": "Account" + } + ] + }, + "value": { + "edges": [ + { + "additionalData": { + "EpochTimestamp": "1608289949", + "FirstSeen": "2021-09-01T11:12:29.597Z", + "Source": "Heartbeat" + }, + "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002" + } + ], + "entities": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Ip", + "properties": { + "address": "13.89.108.248", + "friendlyName": "13.89.108.248" + } + } + ] + } + } + } + }, + "operationId": "Entities_Expand", + "title": "Expand an entity" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json new file mode 100644 index 000000000000..2d1b6d865efb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "addDefaultExtendedTimeRange": false, + "endTime": "2021-10-01T00:00:00.000Z", + "insightQueryIds": [ + "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" + ], + "startTime": "2021-09-01T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "errors": [ + { + "errorMessage": "Internal server error", + "kind": "Insight", + "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a" + } + ], + "totalCount": 7 + }, + "value": [ + { + "chartQueryResults": [ + { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "Count", + "type": "long" + }, + { + "name": "Legend", + "type": "string" + } + ], + "rows": [ + [ + "2021-09-01T00:00:00.000Z", + "55", + "SomeLegend" + ] + ] + } + ], + "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61", + "queryTimeInterval": { + "endTime": "2021-09-01T23:35:20Z", + "startTime": "2021-09-01T23:35:20Z" + }, + "tableQueryResults": { + "columns": [ + { + "name": "Title", + "type": "string" + }, + { + "name": "NameCount", + "type": "long" + }, + { + "name": "SIDCount", + "type": "long" + }, + { + "name": "InternalOrder", + "type": "long" + }, + { + "name": "Index", + "type": "long" + } + ], + "rows": [ + [ + "MyTitle", + "15", + "SID", + "1", + "1" + ] + ] + } + } + ] + } + } + }, + "operationId": "Entities_GetInsights", + "title": "Entity Insight" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json new file mode 100644 index 000000000000..4dc687cc4828 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + }, + "operationId": "EntitiesRelations_List", + "title": "Get all relations of an entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json new file mode 100644 index 000000000000..277ac631aead --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "EntityRelations_GetRelation", + "title": "Get an entity relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json new file mode 100644 index 000000000000..4c55d6896157 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "endTime": "2021-10-01T00:00:00.000Z", + "numberOfBucket": 4, + "startTime": "2021-09-01T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + }, + { + "count": 1, + "kind": "Anomaly" + } + ], + "errors": [ + { + "errorMessage": "syntax error", + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879" + }, + { + "errorMessage": "internal server error", + "kind": "SecurityAlert" + } + ], + "totalCount": 6 + }, + "value": [ + { + "description": "The alert description", + "Intent": "Discovery", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "displayName": "Alert display name", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "kind": "SecurityAlert", + "productName": "Azure Sentinel", + "severity": "Medium", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z" + }, + { + "bucketEndTimeUTC": "2021-09-01T23:31:28.02Z", + "bucketStartTimeUTC": "2021-09-01T21:31:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "firstActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "kind": "Activity", + "lastActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "title": "The user has deleted an account" + }, + { + "description": "Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0.", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6", + "displayName": "(Preview) Anomalous scanning activity", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "intent": "Discovery", + "kind": "Anomaly", + "productName": "Azure Sentinel", + "reasons": [ + "High destination port count", + "Low port ratio" + ], + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "techniques": [ + "T1046" + ], + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "vendor": "Microsoft" + } + ] + } + } + }, + "operationId": "EntitiesGetTimeline_list", + "title": "Entity timeline" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 000000000000..771abd7b056a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQuery": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + }, + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + }, + "201": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueries_CreateOrUpdate", + "title": "Creates or updates an Activity entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json new file mode 100644 index 000000000000..097ca34b93ec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "EntityQueries_Delete", + "title": "Delete an entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json new file mode 100644 index 000000000000..88a6d5caa8fc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueries_Get", + "title": "Get an Activity entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json new file mode 100644 index 000000000000..ffc121f91ef7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "kind": "Expansion", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "kind": "Expansion", + "properties": { + "dataSources": [ + "AzureActivity" + ], + "displayName": "Least active accounts on Azure from this IP", + "inputEntityType": "IP", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')" + } + }, + { + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "kind": "Expansion", + "properties": { + "dataSources": [ + "AzureActivity" + ], + "displayName": "Most active accounts on Azure from this IP", + "inputEntityType": "IP", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')" + } + } + ] + } + } + }, + "operationId": "EntityQueries_List", + "title": "Get all entity queries." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 000000000000..b30861c2762b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Expansion", + "properties": { + "dataSources": [ + "SecurityEvent" + ], + "displayName": "Parent processes running on host", + "inputEntityType": "Host", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))" + } + } + } + }, + "operationId": "EntityQueries_Get", + "title": "Get an Expansion entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json new file mode 100644 index 000000000000..8a4bc8db0d4d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueryTemplate", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueryTemplates_Get", + "title": "Get an Activity entity query template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json new file mode 100644 index 000000000000..5bafe95375bc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "kind": "Activity", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + }, + { + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + } + ] + } + } + }, + "operationId": "EntityQueryTemplates_List", + "title": "Get all entity query templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..49535a9726c9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImport": { + "properties": { + "contentType": "StixIndicator", + "importFile": { + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource" + } + }, + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "ingestedRecordCount": null, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "WaitingForUpload", + "totalRecordCount": null, + "validRecordCount": null + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "ingestedRecordCount": null, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "WaitingForUpload", + "totalRecordCount": null, + "validRecordCount": null + } + } + } + }, + "operationId": "FileImports_Create", + "title": "Create a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json new file mode 100644 index 000000000000..cc102b63196f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": null, + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + }, + "headers": { + "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + } + }, + "204": {} + }, + "operationId": "FileImports_Delete", + "title": "Delete a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json new file mode 100644 index 000000000000..f0f0e736620f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + } + } + }, + "operationId": "FileImports_Get", + "title": "Get a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json new file mode 100644 index 000000000000..134a41293012 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "$orderby": "properties/createdTimeUtc desc", + "$top": 1, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": null, + "fileFormat": "JSON", + "fileName": "fileName.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + } + ] + } + } + }, + "operationId": "FileImports_List", + "title": "Get all file imports." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json new file mode 100644 index 000000000000..6e083f526fd7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "hunt": { + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123" + }, + "status": "New" + } + }, + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + }, + "201": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "huntSequenceNumber": 0, + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + } + }, + "operationId": "Hunts_CreateOrUpdate", + "title": "Creates or updates a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json new file mode 100644 index 000000000000..eed52869f4a0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntComment": { + "properties": { + "message": "This is a test comment." + } + }, + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "HuntComments_CreateOrUpdate", + "title": "Creates or updates a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json new file mode 100644 index 000000000000..fb92cd36d507 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelation": { + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + }, + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + }, + "201": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + } + }, + "operationId": "HuntRelations_CreateOrUpdate", + "title": "Creates or updates a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json new file mode 100644 index 000000000000..2567eb7cae0e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Hunts_Delete", + "title": "Delete a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json new file mode 100644 index 000000000000..a8fc45ed9073 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "HuntComments_Delete", + "title": "Delete a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json new file mode 100644 index 000000000000..90c13f3a0f0c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "HuntRelations_Delete", + "title": "Delete a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json new file mode 100644 index 000000000000..648d0c797dd3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt ", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + } + }, + "operationId": "Hunts_Get", + "title": "Get a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json new file mode 100644 index 000000000000..827bbe4722da --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "HuntComments_Get", + "title": "Get a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json new file mode 100644 index 000000000000..a21748e1174b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + } + } + ] + } + } + }, + "operationId": "HuntComments_List", + "title": "Get all hunt comments." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json new file mode 100644 index 000000000000..c5ac24495f27 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "label1" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + } + }, + "operationId": "HuntRelations_Get", + "title": "Get a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json new file mode 100644 index 000000000000..fa3becf05462 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "label1" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + ] + } + } + }, + "operationId": "HuntRelations_List", + "title": "Get all hunt relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json new file mode 100644 index 000000000000..e9aee2f1db91 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + ] + } + } + }, + "operationId": "Hunts_List", + "title": "Get all hunts." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json new file mode 100644 index 000000000000..4e084ad486c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "kind": "SecurityAlert", + "properties": { + "additionalData": { + "alertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "alertDisplayName": "myAlert", + "alertType": "myAlert", + "confidenceLevel": "Unknown", + "endTimeUtc": "2020-07-20T18:21:53.615Z", + "friendlyName": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.615Z", + "productName": "Azure Security Center", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "resourceGroup": "myRG", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b" + } + ], + "severity": "Low", + "startTimeUtc": "2020-07-20T18:21:53.615Z", + "status": "New", + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "timeGenerated": "2020-07-20T18:21:53.615Z", + "vendorName": "Microsoft" + } + } + ] + } + } + }, + "operationId": "Incidents_ListAlerts", + "title": "Incidents_ListAlerts" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json new file mode 100644 index 000000000000..4174fe0e2fb4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "kind": "Bookmark", + "properties": { + "additionalData": { + "eTag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "created": "2020-06-17T15:34:01.426+00:00", + "createdBy": { + "name": "user", + "email": "user@contoso.com", + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd" + }, + "displayName": "SecurityEvent - 868f40f4698d", + "eventTime": "2020-06-17T15:34:01.426+00:00", + "friendlyName": "SecurityEvent - 868f40f4698d", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "updated": "2020-06-17T15:34:01.426+00:00", + "updatedBy": { + "name": "user", + "email": "user@contoso.com", + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd" + } + } + } + ] + } + } + }, + "operationId": "Incidents_ListBookmarks", + "title": "Incidents_ListBookmarks" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json new file mode 100644 index 000000000000..4489d56a1b5a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentComment": { + "properties": { + "message": "Some message" + } + }, + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "message": "Some message" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "message": "Some message" + } + } + } + }, + "operationId": "IncidentComments_CreateOrUpdate", + "title": "IncidentComments_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json new file mode 100644 index 000000000000..43916a3ca5b2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentComments_Delete", + "title": "IncidentComments_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json new file mode 100644 index 000000000000..f03d0025da19 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "message": "Some message" + } + } + } + }, + "operationId": "IncidentComments_Get", + "title": "IncidentComments_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json new file mode 100644 index 000000000000..cbd1f139b004 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "message": "Some message" + } + } + ] + } + } + }, + "operationId": "IncidentComments_List", + "title": "IncidentComments_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json new file mode 100644 index 000000000000..285ef6bd77d7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "accountName": "administrator", + "friendlyName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "count": 1, + "entityKind": "Account" + } + ] + } + } + }, + "operationId": "Incidents_ListEntities", + "title": "Incidents_ListEntities" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..fc2e97491beb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTask": { + "properties": { + "description": "Task description", + "status": "New", + "title": "Task title" + } + }, + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + } + }, + "operationId": "IncidentTasks_CreateOrUpdate", + "title": "IncidentTasks_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..d03a76564479 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentTasks_Delete", + "title": "IncidentTasks_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..67839638080e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + } + }, + "operationId": "IncidentTasks_Get", + "title": "IncidentTasks_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json new file mode 100644 index 000000000000..cf70ef063fa2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + ] + } + } + }, + "operationId": "IncidentTasks_List", + "title": "IncidentTasks_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json new file mode 100644 index 000000000000..9feb5c4b6ce0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "This is a demo incident", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "owner": { + "assignedTo": null, + "email": null, + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": null, + "userPrincipalName": null + }, + "severity": "High", + "status": "Closed", + "title": "My incident" + } + }, + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + } + }, + "operationId": "Incidents_CreateOrUpdate", + "title": "Incidents_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json new file mode 100644 index 000000000000..c0c098b6528f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Incidents_Delete", + "title": "Incidents_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json new file mode 100644 index 000000000000..eb8fb21cbb30 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + } + }, + "operationId": "Incidents_Get", + "title": "Incidents_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json new file mode 100644 index 000000000000..a030f71b61d2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "$orderby": "properties/createdTimeUtc desc", + "$top": 1, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + ] + } + } + }, + "operationId": "Incidents_List", + "title": "Incidents_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..bd8aa5e22d0a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + }, + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_CreateOrUpdate", + "title": "Creates or updates a relation for a given incident." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..ee1162ee4af1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentRelations_Delete", + "title": "Delete the incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..a4c096aae44b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceKind": "SecurityAlert", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities" + } + } + ] + } + } + }, + "operationId": "IncidentRelations_List", + "title": "Get all incident relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 000000000000..965f54d79df4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_Get", + "title": "Get an incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json new file mode 100644 index 000000000000..605fa10c8ce9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", + "manualTriggerRequestBody": { + "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "204": {} + }, + "operationId": "Entities_RunPlaybook", + "title": "Entities_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json new file mode 100644 index 000000000000..c1067705d428 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "204": { + "body": {} + } + }, + "operationId": "Incidents_RunPlaybook", + "title": "Incidents_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json new file mode 100644 index 000000000000..134825dedea2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Metadata_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json new file mode 100644 index 000000000000..a64076781215 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json new file mode 100644 index 000000000000..a03824d80dac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata with OData filter/orderby/skip/top" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json new file mode 100644 index 000000000000..2fffd8881f8f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + } + }, + "operationId": "Metadata_Get", + "title": "Get single metadata by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json new file mode 100644 index 000000000000..7afe099fca4f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + }, + "operationId": "Metadata_Update", + "title": "Update metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json new file mode 100644 index 000000000000..ed25f53edb7e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json @@ -0,0 +1,288 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadata": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "name": "Microsoft Defender for Endpoint", + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + }, + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + }, + "201": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update full metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json new file mode 100644 index 000000000000..5cf6cfa7b708 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + }, + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "201": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update minimal metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json new file mode 100644 index 000000000000..433c82f96995 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "OfficeConsents_Delete", + "title": "Delete an office consent." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json new file mode 100644 index 000000000000..a0dde26a2d68 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "properties": { + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252" + } + } + ] + } + } + }, + "operationId": "OfficeConsents_List", + "title": "Get all office consents." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json new file mode 100644 index 000000000000..b3bbae88aa4f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "properties": { + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252" + } + } + } + }, + "operationId": "OfficeConsents_Get", + "title": "Get an office consent." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 000000000000..b7b98d55bbd6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + }, + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Create", + "title": "Create Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 000000000000..de2bdddfa3fd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SentinelOnboardingStates_Delete", + "title": "Delete Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 000000000000..c80511e7bf8b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + }, + "operationId": "SentinelOnboardingStates_List", + "title": "Get all Sentinel onboarding states" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 000000000000..9c0b1436c694 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Get", + "title": "Get Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json new file mode 100644 index 000000000000..721daa53a65a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json @@ -0,0 +1,565 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "description": "Gets operations", + "operation": "Get Operations", + "provider": "Microsoft Security Insights", + "resource": "Operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "description": "Gets an automation rule", + "operation": "Get Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "description": "Updates an automation rule", + "operation": "Update Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "description": "Deletes an automation rule", + "operation": "Delete Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "description": "Gets bookmarks", + "operation": "Get Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "description": "Updates bookmarks", + "operation": "Update Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "description": "Deletes bookmarks", + "operation": "Delete Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "description": "Gets related entities of an entity by a specific expansion", + "operation": "Expand on entity", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "description": "Gets a bookmark relation", + "operation": "Get Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "description": "Updates a bookmark relation", + "operation": "Update Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "description": "Deletes a bookmark relation", + "operation": "Delete Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "description": "Gets the alert rules", + "operation": "Get Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "description": "Updates alert rules", + "operation": "Update Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "description": "Deletes alert rules", + "operation": "Delete Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "description": "Gets the response actions of an alert rule", + "operation": "Get Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "description": "Updates the response actions of an alert rule", + "operation": "Update Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "description": "Deletes the response actions of an alert rule", + "operation": "Delete Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "description": "Gets the data connectors", + "operation": "Get Data Connectors", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "description": "Updates a data connector", + "operation": "Update Data Connectors", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "description": "Deletes a data connector", + "operation": "Delete a Data Connector", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "description": "Check user authorization and license", + "operation": "Check user authorization and license", + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/read", + "display": { + "description": "Gets an incident", + "operation": "Get Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "description": "Updates an incident", + "operation": "Update Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "description": "Deletes an incident", + "operation": "Delete Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "description": "Gets the incident comments", + "operation": "Get Incident Comments", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "description": "Creates a comment on the incident", + "operation": "Create Incident Comments", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "description": "Deletes a comment on the incident", + "operation": "Delete Incident Comment", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "description": "Gets a relation between the incident and related resources", + "operation": "Get Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "description": "Updates a relation between the incident and related resources", + "operation": "Update Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "description": "Deletes a relation between the incident and related resources", + "operation": "Delete Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "description": "Gets Threat Intelligence", + "operation": "Get Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "description": "Updates Threat Intelligence", + "operation": "Update Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "description": "Deletes Threat Intelligence", + "operation": "Delete Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "description": "Query Threat Intelligence", + "operation": "Query Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "description": "Collect Threat Intelligence Metrics", + "operation": "Collect Threat Intelligence Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "description": "Bulk Delete Threat Intelligence", + "operation": "Bulk Delete Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "description": "Bulk Tags Threat Intelligence", + "operation": "Bulk Tags Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "description": "Updates Threat Intelligence Indicators", + "operation": "Update Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "description": "Deletes Threat Intelligence Indicators", + "operation": "Delete Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "description": "Query Threat Intelligence Indicators", + "operation": "Query Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "description": "Get Threat Intelligence Indicator Metrics", + "operation": "Get Threat Intelligence Indicator Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + "display": { + "description": "Bulk Delete Threat Intelligence Indicators", + "operation": "Bulk Delete Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "description": "Bulk Tags Threat Intelligence Indicators", + "operation": "Bulk Tags Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "description": "Gets Threat Intelligence Indicators", + "operation": "Get Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "description": "Collect Threat Intelligence Metrics", + "operation": "Collect Threat Intelligence Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "description": "Create Threat Intelligence Indicator", + "operation": "Create Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "description": "Append tags to Threat Intelligence Indicator", + "operation": "Append tags to Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "description": "Replace Tags of Threat Intelligence Indicator", + "operation": "Replace Tags of Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "description": "Query Threat Intelligence Indicators", + "operation": "Query Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "description": "Gets Watchlists", + "operation": "Get Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "description": "Create Watchlists", + "operation": "Create Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "description": "Deletes Watchlists", + "operation": "Delete Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "description": "Gets an onboarding state", + "operation": "Get Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "description": "Updates an onboarding state", + "operation": "Update Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "description": "Deletes an onboarding state", + "operation": "Delete Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + } + ] + } + } + }, + "operationId": "Operations_List", + "title": "Get all operations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json new file mode 100644 index 000000000000..70200a5df457 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "Swagger_Example", + "resourceId": "someId", + "state": "CompletedBySystem", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + } + }, + "operationId": "Get_SingleRecommendation", + "title": "Get a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json new file mode 100644 index 000000000000..26a410cd266e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "ThreatIntelligence_Example", + "resourceId": "someId", + "state": "CompletedBySystem", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + ] + } + } + }, + "operationId": "GetRecommendations_List", + "title": "Get Recommendations list." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json new file mode 100644 index 000000000000..ebf478498d1d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "recommendationPatch": { + "properties": { + "state": "Active" + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "ThreatIntelligence_Example", + "resourceId": "someId", + "state": "CompletedByUser", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + } + }, + "operationId": "Update_Recommendation", + "title": "Creates a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json new file mode 100644 index 000000000000..a26c0f89f46e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "lastEvaluatedTimeUtc": "2023-10-10T03:09:03.4888396+00:00" + } + } + } + }, + "operationId": "Reevaluate_Recommendation", + "title": "Reevaluate a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json new file mode 100644 index 000000000000..b2c20119393a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "repoType": "Github", + "repositoryAccess": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "branches": [ + "master", + "develop" + ], + "fullName": "reponame", + "installationId": 42424242, + "url": "https://api.github.com/repos/user/reponame" + } + ] + } + } + }, + "operationId": "SourceControl_listRepositories", + "title": "Get repository list." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..2d5b6cd7cb23 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,247 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "securityMLAnalyticsSetting": { + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + }, + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + }, + "201": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "title": "Creates or updates a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..1c10d8407f62 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SecurityMLAnalyticsSettings_Delete", + "title": "Delete a Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..b0ec472444c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + ] + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_List", + "title": "Get all Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..b33055425acb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsResourceName": "myFirstAnomalySettings", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_Get", + "title": "Get a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json new file mode 100644 index 000000000000..211b8a26d65f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ProductSettings_Delete", + "title": "Delete EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json new file mode 100644 index 000000000000..2dd5534726b1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + }, + "operationId": "ProductSettings_List", + "title": "Get all settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json new file mode 100644 index 000000000000..e7f3ac94cf4b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + }, + "operationId": "ProductSettings_Get", + "title": "Get EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json new file mode 100644 index 000000000000..9a1e5035e535 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + }, + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + }, + "201": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + }, + "operationId": "ProductSettings_Update", + "title": "Update EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json new file mode 100644 index 000000000000..79dfa421de1e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,178 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "This is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "repoType": "Github", + "repository": { + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + }, + "201": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + } + }, + "operationId": "SourceControls_Create", + "title": "Creates or updates a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..2b35676dcefa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "repositoryAccess": { + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "resourceGroupName": "myRg", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "warning": { + "code": "SourceControlWarning_DeleteServicePrincipal", + "message": "ServicePrincipal has not been removed due to insufficient permissions." + } + } + } + }, + "operationId": "SourceControls_Delete", + "title": "Delete a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json new file mode 100644 index 000000000000..61526607ae5b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + } + }, + "operationId": "SourceControls_Get", + "title": "Get a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..59fc1d9bf85a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + ] + } + } + }, + "operationId": "SourceControls_List", + "title": "Get all source controls." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..2c48b3fb12a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "title": "Append tags to a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..6c3e2d3b96e0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2021-09-01T19:44:44.117403Z", + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ], + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ] + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "title": "Get threat intelligence indicators metrics." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 000000000000..2d0a6fc24189 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-09-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "title": "Create a new Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 000000000000..66a673697d45 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ThreatIntelligenceIndicator_Delete", + "title": "Delete a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 000000000000..dad44c3dda85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema 2", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.0746926Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicators_List", + "title": "Get all threat intelligence indicators" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..3798b2c3a4ca --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:18:49.2259902Z", + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Get", + "title": "View a threat intelligence indicator by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json new file mode 100644 index 000000000000..5ec0209a8821 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "Query": { + "condition": { + "clauses": [ + { + "field": "lastUpdatedTimeUtc", + "operator": "OnOrBeforeAbsolute", + "values": [ + "2024-02-09T23:59:59.999Z" + ] + } + ], + "conditionConnective": null + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "tiType": "main", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "count": 3 + } + } + }, + "operationId": "ThreatIntelligence_Count", + "title": "Get TI object count" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json new file mode 100644 index 000000000000..88460bbeff23 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "Query": { + "condition": { + "clauses": [ + { + "field": "lastUpdatedTimeUtc", + "operator": "OnOrBeforeAbsolute", + "values": [ + "2024-02-09T23:59:59.999Z" + ] + } + ], + "conditionConnective": null, + "stixObjectType": "attack-pattern" + }, + "maxPageSize": 100, + "minPageSize": 100, + "sortBy": { + "direction": "DESC", + "field": "lastUpdatedTimeUtc" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "tiType": "main", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "dGxwLW1peGVkVHlwZXMtd2l0aC1SdWxlcy0y---attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "type": "Microsoft.SecurityInsights/threatintelligence", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/threatintelligence/dGxwLW1peGVkVHlwZXMtd2l0aC1SdWxlcy0y---attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "kind": "AttackPattern", + "properties": { + "createdBy": { + "name": "", + "email": "", + "objectId": "00000000-0000-0000-0000-000000000000" + }, + "data": { + "name": "Attack Pattern 2.1", + "type": "attack-pattern", + "description": "menuPass appears to favor spear phishing to deliver payloads to the intended targets. While the attackers behind menuPass have used other RATs in their campaign, it appears that they use PIVY as their primary persistence mechanism.", + "aliases": [ + "alias_1", + "alias_2" + ], + "confidence": 100, + "created": "2015-05-15T09:12:16.432Z", + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "external_references": [ + { + "description": "spear phishing", + "external_id": "CAPEC-163", + "hashes": null, + "source_name": "capec", + "url": null + } + ], + "granular_markings": [ + { + "lang": "en", + "marking_ref": "marking-definition--089a6ecb-cc15-43cc-9494-767639779123", + "selectors": [ + "description", + "labels" + ] + } + ], + "id": "attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "kill_chain_phases": [ + { + "kill_chain_name": "mandiant-attack-lifecycle-model", + "phase_name": "initial-compromise" + } + ], + "labels": [ + "heartbleed", + "has-logo" + ], + "lang": "en", + "modified": "2015-05-20T09:12:16.432Z", + "object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "revoked": true, + "spec_version": "2.1", + "extensions": { + "extension-definition--d83fce45-ef58-4c6c-a3f4-1fbc32e98c6e": { + "extension_type": "property-extension", + "rank": 5, + "toxicity": 8 + }, + "sentinel-ext": { + "severity": null + } + } + }, + "firstIngestedTimeUtc": "2024-02-05T22:47:29.4948816", + "ingestionRulesVersion": "00000000-0000-0000-0000-000000000000", + "lastIngestedTimeUtc": "2024-02-05T22:47:29.4948816", + "lastModifiedBy": { + "name": "", + "email": "", + "objectId": "00000000-0000-0000-0000-000000000000" + }, + "lastUpdateMethod": "File Import", + "lastUpdatedDateTimeUtc": "2024-02-05T22:47:29.4948816", + "relationshipHints": null, + "source": "mySource" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligence_Query", + "title": "Get TI objects" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 000000000000..2c42f3cd56d3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "ThreatIntelligenceFilteringCriteria": { + "maxConfidence": 80, + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "minConfidence": 25, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "pageSize": 100, + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ], + "sources": [ + "Azure Sentinel" + ] + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "kind": "indicator", + "properties": { + "description": "debugging indicators 2", + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema 2", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "value": "SSH-2.0-PuTTY_Release_0.64", + "valueType": "0" + }, + { + "value": "194.88.106.146", + "valueType": "1" + } + ] + } + ], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "title": "Query threat intelligence indicators as per filtering criteria" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 000000000000..e33f149d03e8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T19:56:08.828946Z", + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "title": "Replace tags to a Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 000000000000..8342b286cc61 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Create", + "title": "Update a threat Intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json new file mode 100644 index 000000000000..02fe28e037f0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "analyticsRuleRunTriggerParameter": { + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "headers": { + "Code": "202", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-07-01-preview", + "Message": "Accepted" + } + } + }, + "operationId": "alertRule_TriggerRuleRun", + "title": "triggerRuleRun_Post" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json new file mode 100644 index 000000000000..be2e3d433ee8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "provisioningState": "InProgress", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + }, + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + } + } + } + }, + "operationId": "triggeredAnalyticsRuleRun_Get", + "title": "triggeredAnalyticsRuleRun_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json new file mode 100644 index 000000000000..1bdb624d845a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "provisioningState": "InProgress", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + }, + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + } + }, + { + "name": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "properties": { + "executionTimeUtc": "2022-12-20T15:37:03.074Z", + "provisioningState": "Succeeded", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "763f9dae-1027-44b9-a34a-589404693670", + "createdBy": "user2@microsoft.com", + "healthCorrelationId": "b3c165ec-f53e-48c1-9677-216d9e930912" + }, + "triggeredAnalyticsRuleRunId": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c" + } + } + ] + } + } + }, + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "title": "triggeredAnalyticsRuleRuns_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json new file mode 100644 index 000000000000..eeeb1477a776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "Watchlist from CSV content", + "displayName": "High Value Assets Watchlist", + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local" + } + }, + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + }, + "201": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 000000000000..0f61393d06a3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "Watchlist from CSV content", + "contentType": "text/csv", + "displayName": "High Value Assets Watchlist", + "itemsSearchKey": "header1", + "numberOfLinesToSkip": 1, + "provider": "Microsoft", + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "source": "watchlist.csv", + "sourceType": "Local" + } + }, + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + }, + "201": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist and bulk creates watchlist items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..947301fc9d02 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + } + } + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "properties": { + "created": "2020-11-15T04:58:56.0748363+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "isDeleted": false, + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + }, + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "updated": "2020-11-16T16:05:20+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItemType": "watchlist-item" + } + } + }, + "201": { + "body": { + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "properties": { + "created": "2020-11-15T04:58:56.0748363+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "isDeleted": false, + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + }, + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "updated": "2020-11-16T16:05:20+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItemType": "watchlist-item" + } + } + } + }, + "operationId": "WatchlistItems_CreateOrUpdate", + "title": "Create or update a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..d63c7970b432 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-07-01-preview" + } + }, + "204": {} + }, + "operationId": "Watchlists_Delete", + "title": "Delete a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..8dbdf4e4351f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WatchlistItems_Delete", + "title": "Delete a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json new file mode 100644 index 000000000000..0896000a0d57 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "defaultDuration": "P1279DT12H30M5S", + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "labels": [ + "Tag1", + "Tag2" + ], + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_Get", + "title": "Get a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json new file mode 100644 index 000000000000..9586d269d1d5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "properties": { + "created": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "entityMapping": {}, + "isDeleted": false, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "watchlistItemType": "watchlist-item" + } + } + } + }, + "operationId": "WatchlistItems_Get", + "title": "Get a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..f9548e237c50 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "properties": { + "created": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "entityMapping": {}, + "isDeleted": false, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "watchlistItemType": "watchlist-item" + } + } + ] + } + } + }, + "operationId": "WatchlistItems_List", + "title": "Get all watchlist Items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json new file mode 100644 index 000000000000..220c68e3422e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "defaultDuration": "P1279DT12H30M5S", + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "labels": [ + "Tag1", + "Tag2" + ], + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + ] + } + } + }, + "operationId": "Watchlists_List", + "title": "Get all watchlists." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json new file mode 100644 index 000000000000..9f8551d604b2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "provisioningState": "InProgress", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "title": "Creates a job for the specified workspace manager assignment" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..07f98d6688ea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignment": { + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + }, + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "201": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + }, + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "title": "Creates or updates a workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json new file mode 100644 index 000000000000..403b32cdd8d8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "title": "Delete a workspace manager job." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..6ae1d78ab35c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerAssignments_Delete", + "title": "Delete a workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json new file mode 100644 index 000000000000..a3e328639e41 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "executionTime": "2022-06-14T04:49:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded" + }, + { + "errors": [ + { + "errorMessage": "Failed to write. Status code: Forbidden.", + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e" + } + ], + "executionTime": "2022-06-14T04:50:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed" + } + ], + "provisioningState": "Failed", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_List", + "title": "Get all jobs for the specified Sentinel workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json new file mode 100644 index 000000000000..3c095b8b0ea9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed", + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerAssignments_List", + "title": "Get all workspace manager assignments for the Sentinel workspace manager." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json new file mode 100644 index 000000000000..a97036a1ee94 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "executionTime": "2022-06-14T04:49:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded" + }, + { + "errors": [ + { + "errorMessage": "Failed to write. Status code: Forbidden.", + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e" + } + ], + "executionTime": "2022-06-14T04:50:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed" + } + ], + "provisioningState": "Failed", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "title": "Get a workspace manager job" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..c606338137ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed", + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + }, + "operationId": "WorkspaceManagerAssignments_Get", + "title": "Get a workspace manager assignment" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..20d594abfdb2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfiguration": { + "properties": { + "mode": "Enabled" + } + }, + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + }, + "201": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + } + }, + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "title": "Create or Update a workspace manager Configuration" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..41eb345d61d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerConfigurations_Delete", + "title": "Delete a workspace manager configuration." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..89c01951d8b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerConfigurations_List", + "title": "Get all workspace manager configurations for a Sentinel workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..53302cb6bd0e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + } + }, + "operationId": "WorkspaceManagerConfigurations_Get", + "title": "Get a workspace manager configuration." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json new file mode 100644 index 000000000000..eaf4a4754b5e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroup": { + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + }, + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "201": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + }, + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "title": "Creates or updates a workspace manager group." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json new file mode 100644 index 000000000000..7b71dc835a9e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerGroups_Delete", + "title": "Delete a workspace manager group." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json new file mode 100644 index 000000000000..163a1cf83020 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerGroups_List", + "title": "Get all workspace manager groups in the Sentinel workspace manager." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json new file mode 100644 index 000000000000..99a6b5193f14 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + }, + "operationId": "WorkspaceManagerGroups_Get", + "title": "Get a workspace manager group" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json new file mode 100644 index 000000000000..32ac191cf60d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMember": { + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + }, + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "title": "Create or Update a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json new file mode 100644 index 000000000000..a7e64b8bb0a2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerMembers_Delete", + "title": "Delete a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json new file mode 100644 index 000000000000..0a061dd98447 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerMembers_List", + "title": "Get all workspace manager members" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json new file mode 100644 index 000000000000..e3b58839f6bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "WorkspaceManagerMembers_Get", + "title": "Get a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..904a708a9307 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" + } + }, + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + }, + "201": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + } + }, + "operationId": "Actions_CreateOrUpdate", + "title": "Creates or updates an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 000000000000..50a35e1faa08 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Actions_Delete", + "title": "Delete an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 000000000000..e20a17f7e113 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + } + }, + "operationId": "Actions_Get", + "title": "Get an action of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 000000000000..c714a8c19cbb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "properties": { + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts", + "workflowId": "cd3765391efd48549fd7681ded1d48d7" + } + } + ] + } + } + }, + "operationId": "Actions_ListByAlertRule", + "title": "Get all actions of alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 000000000000..496c91335378 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "kind": "Scheduled", + "properties": { + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-02-27T00:00:00Z", + "displayName": "Changes to Amazon VPC settings", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "severity": "Low", + "status": "Available", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "version": "1.0.2" + } + } + } + }, + "operationId": "AlertRuleTemplates_Get", + "title": "Get alert rule template by Id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 000000000000..c668f6fb25b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,240 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "kind": "Scheduled", + "properties": { + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-02-27T00:00:00Z", + "displayName": "Changes to Amazon VPC settings", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "severity": "Low", + "status": "Available", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "version": "1.0.1" + } + }, + { + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-07-25T00:00:00Z", + "displayName": "Advanced Multi-Stage Attack Detection", + "lastUpdatedDateUTC": "2021-06-09T00:00:00Z", + "severity": "High", + "sourceSettings": [ + { + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "severityFilter": { + "enabled": false, + "isSupported": false, + "severityFilters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "status": "Available", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + }, + { + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "alertRulesCreatedByTemplateCount": 0, + "createdDateUTC": "2019-07-16T00:00:00Z", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "productFilter": "Microsoft Cloud App Security", + "status": "Available" + } + } + ] + } + } + }, + "operationId": "AlertRuleTemplates_List", + "title": "Get all alert rule templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 000000000000..de859447a683 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,847 @@ +{ + "parameters": { + "alertRule": { + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "kind": "Fusion", + "properties": { + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + }, + "201": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json new file mode 100644 index 000000000000..8704695ada31 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -0,0 +1,853 @@ +{ + "parameters": { + "alertRule": { + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "kind": "Fusion", + "properties": { + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ] + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + }, + "201": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z", + "scenarioExclusionPatterns": [ + { + "dateAddedInUTC": "2021-10-01T15:26:44.9429806Z", + "exclusionPattern": "Alert providers:Azure Active Directory Identity Protection:Infected Device;Alert providers:Azure Defender:Crypto-mining activity" + } + ], + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule with scenario exclusion pattern." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..8a4dc53bdcde --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "displayName": "testing displayname", + "enabled": true, + "productFilter": "Microsoft Cloud App Security" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + }, + "201": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json new file mode 100644 index 000000000000..0dcb19cffe8f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "NRT", + "properties": { + "description": "", + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Nrt alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..fcdf6f051351 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,272 @@ +{ + "parameters": { + "alertRule": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "sentinelEntitiesMappings": [ + { + "columnName": "Entities" + } + ], + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 000000000000..e36b7ad6cf72 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "AlertRules_Delete", + "title": "Delete an alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 000000000000..6898cf34c528 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,414 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + }, + { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2021-10-22T07:12:34.9065092Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeDisplayName": "Palo Alto Networks", + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + ] + } + } + }, + "operationId": "AlertRules_List", + "title": "Get all alert rules." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..a197f6d4b2cc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,312 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "myFirstFusionRule", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "myFirstFusionRule", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "kind": "Fusion", + "properties": { + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "displayName": "Advanced Multi-Stage Attack Detection", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "severity": "High", + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "sourceSubTypeName": "Azure Active Directory Identity Protection" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "sourceSubTypeName": "Azure Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "sourceSubTypeName": "Azure Defender for IoT" + }, + { + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "sourceSubTypeName": "Microsoft 365 Defender" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "sourceSubTypeName": "Microsoft Cloud App Security" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "sourceSubTypeName": "Microsoft Defender for Endpoint" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "sourceSubTypeName": "Microsoft Defender for Identity" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "sourceSubTypeName": "Microsoft Defender for Office 365" + }, + { + "enabled": true, + "severityFilters": { + "filters": [ + { + "enabled": true, + "severity": "High" + }, + { + "enabled": true, + "severity": "Medium" + }, + { + "enabled": true, + "severity": "Low" + }, + { + "enabled": true, + "severity": "Informational" + } + ], + "isSupported": true + }, + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules" + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "enabled": true, + "severityFilters": { + "filters": null, + "isSupported": false + }, + "sourceSubTypeDisplayName": "Palo Alto Networks", + "sourceSubTypeName": "Palo Alto Networks" + } + ] + } + ], + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ] + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Fusion alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..255c88719473 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "microsoftSecurityIncidentCreationRuleExample", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "description": null, + "alertRuleTemplateName": null, + "displayName": "testing displayname", + "displayNamesFilter": null, + "enabled": true, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z", + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a MicrosoftSecurityIncidentCreation rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json new file mode 100644 index 000000000000..1c442acce98a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "NRT", + "properties": { + "description": "", + "alertRuleTemplateName": null, + "displayName": "Rule2", + "enabled": true, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByEntities": [ + "Host", + "Account" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get an Nrt alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..20b0d6faffd4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Scheduled", + "properties": { + "description": "An example for a scheduled rule", + "alertDetailsOverride": { + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertSeverityColumnName": null, + "alertTacticsColumnName": null + }, + "alertRuleTemplateName": null, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "displayName": "My scheduled rule", + "enabled": true, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "columnName": "Computer", + "identifier": "FullName" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "columnName": "ComputerIP", + "identifier": "Address" + } + ] + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ], + "groupByEntities": [ + "Host" + ], + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "reopenClosedIncident": false + } + }, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + } + } + }, + "operationId": "AlertRules_Get", + "title": "Get a Scheduled alert rule." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..bc9e6ba3ba25 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -0,0 +1,197 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRule": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + }, + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + } + }, + "operationId": "AutomationRules_CreateOrUpdate", + "title": "AutomationRules_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..30b0a0750183 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + }, + "operationId": "AutomationRules_Delete", + "title": "AutomationRules_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..25dd678a62c1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + } + }, + "operationId": "AutomationRules_Get", + "title": "AutomationRules_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..06938a8edaf3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "actions": [ + { + "actionConfiguration": { + "description": "Reset passwords for compromised users.", + "title": "Reset user passwords" + }, + "actionType": "AddIncidentTask", + "order": 1 + } + ], + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:00:00Z", + "displayName": "Suspicious user sign-in events", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "order": 1, + "triggeringLogic": { + "conditions": [ + { + "conditionProperties": { + "arrayConditionType": "AnyItem", + "arrayType": "IncidentLabels", + "itemConditions": [ + { + "conditionProperties": { + "operator": "Equals", + "propertyName": "IncidentLabel", + "propertyValues": [ + "myLabel" + ] + }, + "conditionType": "Property" + } + ] + }, + "conditionType": "PropertyArray" + } + ], + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created" + } + } + } + ] + } + } + }, + "operationId": "AutomationRules_List", + "title": "AutomationRules_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json new file mode 100644 index 000000000000..c313c69cd08b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + ] + } + } + }, + "operationId": "BillingStatistics_List", + "title": "Get all Microsoft Sentinel billing statistics." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json new file mode 100644 index 000000000000..b87f2405268d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "billingStatisticName": "sapSolutionUsage", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + } + }, + "operationId": "BillingStatistics_Get", + "title": "Get a billing statistic." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json new file mode 100644 index 000000000000..e4cd4ee0d9e0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + }, + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + } + }, + "operationId": "Bookmarks_CreateOrUpdate", + "title": "Creates or updates a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..7267218ea596 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Bookmarks_Delete", + "title": "Delete a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json new file mode 100644 index 000000000000..42e7903ad67e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018", + "severity": "Low", + "title": "New case 1" + }, + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + } + }, + "operationId": "Bookmarks_Get", + "title": "Get a bookmark." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json new file mode 100644 index 000000000000..1245a2723ee0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "created": "2021-09-01T13:15:30Z", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "My bookmark", + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ], + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018", + "severity": "Low", + "title": "New case 1" + }, + "labels": [ + "Tag1", + "Tag2" + ], + "notes": "Found a suspicious activity", + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "updated": "2021-09-01T13:15:30Z", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + } + } + } + ] + } + } + }, + "operationId": "Bookmarks_List", + "title": "Get all bookmarks." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json new file mode 100644 index 000000000000..86aaaa2f7efd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "parameters": { + "endTime": "2020-01-24T17:21:00.000Z", + "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", + "startTime": "2019-12-25T17:21:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 1, + "entityKind": "Account" + } + ] + }, + "value": { + "entities": [ + { + "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "kind": "Account", + "properties": { + "accountName": "administrator", + "friendlyName": "administrator", + "ntDomain": "domain" + } + } + ] + } + } + } + }, + "operationId": "Bookmark_Expand", + "title": "Expand an bookmark" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json new file mode 100644 index 000000000000..1098ef7804b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" + } + }, + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "BookmarkRelations_CreateOrUpdate", + "title": "Creates or updates a bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json new file mode 100644 index 000000000000..a5df79a55a5f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "BookmarkRelations_Delete", + "title": "Delete the bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json new file mode 100644 index 000000000000..dd54eb3403f5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + }, + "operationId": "BookmarkRelations_List", + "title": "Get all bookmark relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json new file mode 100644 index 000000000000..f62ee44a9e95 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "BookmarkRelations_Get", + "title": "Get a bookmark relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json new file mode 100644 index 000000000000..27e5dcd98604 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentPackages_Get", + "title": "Get installed packages by id." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json new file mode 100644 index 000000000000..93c2dcf43017 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentSchemaVersion": "3.0.0", + "displayName": "str", + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ContentPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json new file mode 100644 index 000000000000..22893b851531 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "packageContent": "JSON string of the package", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ProductPackage_Get", + "title": "Get a package." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json new file mode 100644 index 000000000000..aca44ad14b43 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json @@ -0,0 +1,80 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentproductpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ProductPackages_List", + "title": "Get all available packages." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json new file mode 100644 index 000000000000..efb0fb10a224 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json @@ -0,0 +1,153 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "packageInstallationProperties": { + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "displayName": "str", + "version": "2.0.0" + }, + "tags": { + "tag1": "str" + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "str", + "firstPublishDate": "2022-04-01", + "installedVersion": "2.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "2.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentPackage_Install", + "title": "Install a package to the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json new file mode 100644 index 000000000000..eabb93b3efdf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "packageId": "str.azure-sentinel-solution-str", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentPackage_Uninstall", + "title": "Uninstall a package from the workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json new file mode 100644 index 000000000000..f7db695affcd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ContentTemplate_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json new file mode 100644 index 000000000000..3100fa1caa9f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "mainTemplate": {}, + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ProductTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json new file mode 100644 index 000000000000..1d5ea99396f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contentproducttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentProductTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ProductTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json new file mode 100644 index 000000000000..f08c78ea65e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "mainTemplate": {}, + "packageId": "packageId", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentTemplate_Get", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json new file mode 100644 index 000000000000..e6cda61f8ab2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "properties": { + "contentId": "contentId", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "displayName": "My installed template", + "packageId": "packageId", + "packageVersion": "1.0.0", + "source": { + "name": "Source name", + "kind": "Standalone" + }, + "version": "1.0.0" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + ] + } + } + }, + "operationId": "ContentTemplates_List", + "title": "Get all installed templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json new file mode 100644 index 000000000000..570e582f4123 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json @@ -0,0 +1,230 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "status": "Available", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0 + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.0" + } + } + ] + }, + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageName": "str", + "packageVersion": "1.0.0", + "source": { + "name": "str", + "kind": "Solution", + "sourceId": "str.azure-sentinel-solution-str" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "tags": { + "tag1": "str" + } + }, + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "API Protection workbook template", + "firstPublishDate": "2022-04-01", + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageVersion": "1.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "CiscoUmbrella", + "kind": "Solution", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "properties": { + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentKind": "AnalyticsRule", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "displayName": "API Protection workbook template", + "firstPublishDate": "2022-04-01", + "packageId": "str.azure-sentinel-solution-str", + "packageKind": "Solution", + "packageVersion": "1.0.0", + "providers": [ + "Microsoft" + ], + "source": { + "name": "CiscoUmbrella", + "kind": "Solution", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Microsoft" + }, + "version": "1.0.1" + }, + "systemData": { + "createdAt": "2020-04-27T21:53:29.0928001Z", + "createdBy": "string", + "createdByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "ContentTemplate_Install", + "title": "Get a template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json new file mode 100644 index 000000000000..276d43278fcf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -0,0 +1,260 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectorDefinitionInput": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + }, + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "title": "GitHub Enterprise Audit Log" + } + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "title": "GitHub Enterprise Audit Log" + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "title": "Create data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..3f018795ab7f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectorDefinitions_Delete", + "title": "Delete data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json new file mode 100644 index 000000000000..de82ef598b4d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "Customizable", + "properties": { + "connectionsConfig": { + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" + }, + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + } + } + }, + "operationId": "DataConnectorDefinitions_Get", + "title": "Get customize data connector definition" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..0695b0478edc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": false, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "GitHubAuditLogPolling_CL", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "action": false, + "delete": false, + "read": false, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "title": "GitHub Enterprise Audit Log" + } + } + } + ] + } + } + }, + "operationId": "DataConnectorDefinitions_List", + "title": "Get all data connector definitions." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 000000000000..a17ed7b55380 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection)." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 000000000000..33b0fdcebfc1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json new file mode 100644 index 000000000000..a65a42e1a9a8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json new file mode 100644 index 000000000000..c3eba3a6f79b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "AzureSecurityCenter", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for ASC." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json new file mode 100644 index 000000000000..25fdc437183e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "Dynamics365", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Dynamics365." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json new file mode 100644 index 000000000000..96d65519068f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "IOT", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for IoT." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json new file mode 100644 index 000000000000..7f29906a1ce4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Mdatp." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json new file mode 100644 index 000000000000..81d953de9389 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Mcas." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json new file mode 100644 index 000000000000..a652570cce55 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftPurviewInformationProtection." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json new file mode 100644 index 000000000000..18e55f0d1888 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftThreatIntelligence." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json new file mode 100644 index 000000000000..8a1edf169f78 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for MicrosoftThreatProtection." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json new file mode 100644 index 000000000000..a82a9104c54b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "Office365Project", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for Office365Project." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json new file mode 100644 index 000000000000..f3700725beae --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficeATP", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficeATP." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json new file mode 100644 index 000000000000..b3528f491472 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficeIRM", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficeIRM." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json new file mode 100644 index 000000000000..56a1de0cd2d4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "OfficePowerBI", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for OfficePowerBI." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json new file mode 100644 index 000000000000..c48c1c30ee20 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "PurviewAudit", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for PurviewAudit." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json new file mode 100644 index 000000000000..5a7e0877f770 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for TI." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json new file mode 100644 index 000000000000..ff35b1c6e3e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + }, + "operationId": "DataConnectorsCheckRequirements_Post", + "title": "Check requirements for TI Taxii." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json new file mode 100644 index 000000000000..706796c34271 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectBody": { + "apiKey": "123456789", + "kind": "APIKey", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Connect", + "title": "Connect an APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json new file mode 100644 index 000000000000..3d0746c25c48 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "connectBody": { + "apiKey": "123456789", + "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631", + "kind": "APIKey", + "outputStream": "Custom-MyTableRawData", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Connect", + "title": "Connect an APIPolling V2 logs data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json new file mode 100644 index 000000000000..18ffab7d617b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -0,0 +1,370 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + }, + "201": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 000000000000..ba1162e6ff90 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Dynamics365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json new file mode 100644 index 000000000000..b88373152062 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -0,0 +1,439 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + }, + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + }, + "201": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json new file mode 100644 index 000000000000..013828b0db9e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + }, + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + }, + "201": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..36b05de8f57e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..bfe4029ef57c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + }, + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + }, + "201": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Microsoft Threat Intelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json new file mode 100644 index 000000000000..e0d8c784b0db --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled55" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Disabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a MicrosoftThreatProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..c52fa5e303a9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 000000000000..5bbc97a44fdb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json new file mode 100644 index 000000000000..9a6eb564bab0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..042a6d8d0eb8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + }, + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + }, + "201": { + "body": { + "name": "3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "56003401-0000-0100-0000-67314b0b0000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3deede2e-c6d1-4ee6-afc8-e0190ac34200", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2024-11-01T00:00:00Z", + "requiredSKUsPresent": true, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json new file mode 100644 index 000000000000..cdeeed502215 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "OFFICEPOWERAUTOMATE_RESTAPI" + }, + "sourceType": "MicrosoftFlow", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..fd604155a11b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Threat Intelligence Platform data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 000000000000..ffbf6247cef8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": "--", + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": "--", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4" + } + }, + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": null, + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": null, + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "135", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "testTaxii", + "password": null, + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "userName": null, + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871" + } + } + } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a Threat Intelligence Taxii data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json new file mode 100644 index 000000000000..133a3dfa341d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json new file mode 100644 index 000000000000..953a92a9e054 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json new file mode 100644 index 000000000000..dc5648def492 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..87a923780d9a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..993e741d87f1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..072360884a5b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 000000000000..e6366574dbf6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json new file mode 100644 index 000000000000..0f697fb5bab7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..ef5fd2b3fcd0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json new file mode 100644 index 000000000000..a75742fcd00a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "DataConnectors_Delete", + "title": "Delete a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json new file mode 100644 index 000000000000..566a535f329a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "disconnectBody": {}, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "DataConnectors_Disconnect", + "title": "Disconnect an APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json new file mode 100644 index 000000000000..5454f3b02034 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a APIPolling data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..f09d00672ba1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AwsCloudTrail data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json new file mode 100644 index 000000000000..4c66c3e77416 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "AmazonWebServicesS3", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ] + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Aws S3 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 000000000000..e1bb71fe8ef9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "kind": "AzureActiveDirectory", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AADIP (Azure Active Directory Identity Protection) data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..e78ee70d0c7c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "kind": "AzureAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 000000000000..a703927809af --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "AzureSecurityCenter", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a ASC data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 000000000000..4764fd4e2720 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,528 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "kind": "AzureSecurityCenter", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + }, + { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "My TI Taxii Connector", + "password": "", + "pollingFrequency": "OnceAMinute", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "userName": "", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2" + } + }, + { + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "kind": "AzureActiveDirectory", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "kind": "AzureAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "AmazonWebServicesS3", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ] + } + }, + { + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeATP", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + }, + { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + }, + { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + }, + { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "GitHub audit log events", + "metricName": "Total events received" + } + ], + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "instructionSteps": [ + { + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "APIKey", + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "", + "requestObjectKey": "apiEndpoint" + } + ] + } + } + ], + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel" + } + ], + "permissions": { + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "GitHub", + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "title": "GitHub Enterprise Audit Log" + }, + "pollingConfig": { + "auth": { + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization", + "authType": "APIKey" + }, + "paging": { + "pageSizeParaName": "per_page", + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "Get", + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + }, + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "queryWindowInMin": 15, + "rateLimitQps": 50, + "retryCount": 2, + "timeoutInSeconds": 60 + } + } + } + } + ] + } + } + }, + "operationId": "DataConnectors_List", + "title": "Get all data connectors." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 000000000000..5fa1f3f4e081 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "Dynamics365", + "properties": { + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a Dynamics365 data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json new file mode 100644 index 000000000000..56f2bd9f6b66 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json @@ -0,0 +1,158 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "availability": { + "isPreview": true, + "status": 1 + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "customImage": "The image connector content", + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueries": [ + { + "baseQuery": "{{graphQueriesTableName}}", + "legend": "{{graphQueriesTableName}}", + "metricName": "Total data received" + } + ], + "graphQueriesTableName": "QualysHostDetection_CL", + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.", + "title": "" + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.", + "title": "" + }, + { + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes.", + "title": "" + }, + { + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + } + }, + { + "type": "CopyableLabel", + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + } + } + ], + "title": "" + }, + { + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions.", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**.", + "title": "" + }, + { + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**.", + "title": "" + }, + { + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**.", + "title": "" + }, + { + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)", + "title": "" + } + ], + "permissions": { + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ], + "resourceProvider": [ + { + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "provider": "Microsoft.OperationalInsights/workspaces", + "providerDisplayName": "Workspace", + "requiredPermissions": { + "delete": true, + "read": true, + "write": true + }, + "scope": "Workspace" + }, + { + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "providerDisplayName": "Keys", + "requiredPermissions": { + "action": true + }, + "scope": "Workspace" + } + ] + }, + "publisher": "Qualys", + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "title": "Qualys Vulnerability Management (CCP DEMO)" + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a GenericUI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json new file mode 100644 index 000000000000..c13e6713d5f7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "GCP", + "properties": { + "auth": { + "type": "GCP", + "projectNumber": "123456789012", + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "workloadIdentityProviderId": "sentinel-identity-provider" + }, + "connectorDefinitionName": "GcpConnector", + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a GCP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json new file mode 100644 index 000000000000..15e0c7ef86b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "kind": "IOT", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a IoT data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 000000000000..a7d731f16965 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MCAS data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..f9c359e48ccd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MDATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json new file mode 100644 index 000000000000..589c84e48df7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeIRM", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office IRM data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json new file mode 100644 index 000000000000..2c8ddc5321ad --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftPurviewInformationProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 000000000000..de5e448c5321 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "dataTypes": { + "microsoftEmergingThreatFeed": { + "lookbackPeriod": "1970-01-01T00:00:00.000Z", + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 000000000000..7f6a4865694d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "MicrosoftThreatProtection", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "incidents": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatProtection data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 000000000000..0af1417f716f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "kind": "OfficeATP", + "properties": { + "dataTypes": { + "alerts": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office ATP data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json new file mode 100644 index 000000000000..215594eeab46 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365Project", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 Project data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 000000000000..01486ac3c6ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "Office365", + "properties": { + "dataTypes": { + "exchange": { + "state": "Enabled" + }, + "sharePoint": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json new file mode 100644 index 000000000000..1c06fc94e372 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "OfficePowerBI", + "properties": { + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 PowerBI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json new file mode 100644 index 000000000000..549b92b7dccb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "resourceGroupName": "myRg", + "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d30049a2-0000-0800-0000-658ca2270000", + "id": "/subscriptions/b66e5c69-e2eb-422a-81c3-002de57059f3/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/8c569548-a86c-4fb4-8ae4-d1e35a6146f8", + "kind": "PremiumMicrosoftDefenderForThreatIntelligence", + "properties": { + "dataTypes": { + "connector": { + "state": "Enabled" + } + }, + "lookbackPeriod": "2023-12-26T22:16:07Z", + "requiredSKUsPresent": false, + "tenantId": "e4afb3c4-813b-4e68-b6de-e5360866e798" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json new file mode 100644 index 000000000000..f8479de0daf7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "kind": "PurviewAudit", + "properties": { + "connectorDefinitionName": "PowerAutomate", + "dataTypes": { + "logs": { + "state": "Enabled" + } + }, + "dcrConfig": null, + "sourceType": "MicrosoftFlow", + "tenantId": "MicrosoftFlow" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PurviewAudit data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json new file mode 100644 index 000000000000..68853ae70016 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/RestApiPoller_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "APIKey", + "apiKey": "6bec40cf957de430a6f1f2baa056b99a4fac9ea0", + "apiKeyName": "X-Cisco-Meraki-API-Key" + }, + "connectorDefinitionName": "RestApiPollerDefinition", + "dcrConfig": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId", + "streamName": "Meraki" + }, + "paging": { + "pagingType": "LinkHeader" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + }, + "request": { + "apiEndpoint": "https://api.meraki.com/api/v1/organizations/573083052582915028/networks", + "endTimeAttributeName": "t1", + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "httpMethod": "GET", + "queryParameters": { + "perPage": 1000 + }, + "queryTimeFormat": "UnixTimestamp", + "queryWindowInMin": 6, + "rateLimitQPS": 10, + "retryCount": 3, + "startTimeAttributeName": "t0", + "timeoutInSeconds": 60 + } + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a RestApiPoller data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..4afc00f7709b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "kind": "ThreatIntelligence", + "properties": { + "dataTypes": { + "indicators": { + "state": "Enabled" + } + }, + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI data connector" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 000000000000..fc6bce29fc75 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + }, + "friendlyName": "My TI Taxii Connector", + "password": "", + "pollingFrequency": "OnceADay", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "userName": "", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2" + } + } + } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI Taxii data connector." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json new file mode 100644 index 000000000000..65e9ecde256c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "enrichmentType": "main", + "ipAddressBody": { + "ipAddress": "1.2.3.4" + }, + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + }, + "operationId": "ListGeodataByIp", + "title": "Get geodata for a single IP address" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json new file mode 100644 index 000000000000..8fffd157fcd0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "domainBody": { + "domain": "microsoft.com" + }, + "enrichmentType": "main", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "created": "2021-09-01T16:15:01.187045Z", + "domain": "microsoft.com", + "expires": null, + "parsedWhois": { + "contacts": { + "admin": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + }, + "billing": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + }, + "registrant": null, + "tech": { + "name": "Administrator", + "city": null, + "country": "United States", + "email": "mail@microsoft.com", + "fax": null, + "org": "Microsoft", + "phone": "1-800-555-1234", + "postal": "98052", + "state": "WA", + "street": [ + "One Microsoft Way" + ] + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactEmail": "abuse@microsoft.com", + "abuseContactPhone": "12083895770", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + }, + "server": null, + "updated": "2021-09-01T16:15:01.187045Z" + } + } + }, + "operationId": "ListWhoisByDomain", + "title": "Get whois information for a single domain name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json new file mode 100644 index 000000000000..18384d06a41d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "accountName": "administrator", + "dnsDomain": "contoso.com", + "friendlyName": "administrator", + "isDomainJoined": true, + "ntDomain": "domain", + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "sid": "S-1-5-18", + "upnSuffix": "contoso" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an account entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json new file mode 100644 index 000000000000..5f75c80c157a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an azure resource entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json new file mode 100644 index 000000000000..6fbcf4dfc2a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "CloudApplication", + "properties": { + "appId": 1, + "appName": "AppName", + "friendlyName": "AppName", + "instanceName": "InstanceName" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a cloud application entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json new file mode 100644 index 000000000000..67caffabe17b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "kind": "DnsResolution", + "properties": { + "domainName": "domain", + "friendlyName": "domain", + "ipAddressEntityIds": [ + "475d3120-33e0-4841-9f1c-a8f15a801d19" + ] + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a dns entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json new file mode 100644 index 000000000000..0a2a9715c814 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "accountName": "administrator", + "friendlyName": "administrator", + "isDomainJoined": true, + "ntDomain": "domain", + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "sid": "S-1-5-18", + "upnSuffix": "contoso" + } + }, + { + "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "kind": "Host", + "properties": { + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "dnsDomain": "contoso", + "friendlyName": "vm1", + "hostName": "vm1", + "isDomainJoined": true, + "netBiosName": "contoso", + "ntDomain": "domain", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0" + } + }, + { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "File", + "properties": { + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe", + "friendlyName": "cmd.exe" + } + } + ] + } + } + }, + "operationId": "Entities_List", + "title": "Get all entities." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json new file mode 100644 index 000000000000..d8b9d15b57d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "File", + "properties": { + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe", + "friendlyName": "cmd.exe" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a file entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json new file mode 100644 index 000000000000..146bdf4137eb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", + "kind": "FileHash", + "properties": { + "algorithm": "SHA256", + "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", + "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a file hash entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json new file mode 100644 index 000000000000..7933acdd0cee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Host", + "properties": { + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "dnsDomain": "contoso", + "friendlyName": "vm1", + "hostName": "vm1", + "isDomainJoined": true, + "netBiosName": "contoso", + "ntDomain": "domain", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a host entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json new file mode 100644 index 000000000000..dc1bf231340a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "IoTDevice", + "properties": { + "deviceId": "device1", + "deviceName": "device1", + "deviceType": "Industrial", + "firmwareVersion": "20.11", + "friendlyName": "device1", + "importance": "Normal", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c", + "isAuthorized": true, + "isProgramming": false, + "isScanner": false, + "model": "demo-model", + "nicEntityIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2" + ], + "operatingSystem": "Windows", + "protocols": [ + "CIP", + "EtherNet/IP" + ], + "purdueLayer": "ProcessControl", + "sensor": "demo-sensor", + "site": "demo-site", + "vendor": "demo-vendor", + "zone": "zone" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an IoT device entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json new file mode 100644 index 000000000000..facf3c88998b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Ip", + "properties": { + "address": "10.3.2.8", + "friendlyName": "10.3.2.8" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get an ip entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json new file mode 100644 index 000000000000..4061962acf8b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "MailCluster", + "properties": { + "clusterGroup": "cluster group", + "clusterSourceIdentifier": "cluster source identifier", + "clusterSourceType": "Similarity", + "countByDeliveryStatus": { + "deliveryStatus": 5 + }, + "countByProtectionStatus": { + "protectionStatus": 65 + }, + "countByThreatType": { + "threatType": 6 + }, + "friendlyName": "ClusterSourceIdentifier", + "networkMessageIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "query": "kqlFilter", + "queryTime": "2021-09-01T01:42:01.6026755Z", + "source": "ClusterSourceIdentifier", + "threats": [ + "thrreat1", + "thread2" + ] + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailCluster entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json new file mode 100644 index 000000000000..21cfe5b46dec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "MailMessage", + "properties": { + "deliveryAction": "Blocked", + "fileEntityIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "friendlyName": "cmd.exe", + "internetMessageId": "message id", + "p1Sender": "email@fake.com", + "p1SenderDisplayName": "p1 sender display name", + "p1SenderDomain": "p1 sender domain", + "p2Sender": "the sender", + "p2SenderDisplayName": "p2 sender display name", + "p2SenderDomain": "p2 Sender Domain", + "recipient": "recipient", + "senderIP": "1.23.34.43", + "subject": "subject", + "threatDetectionMethods": [ + "thrreat1", + "thread2" + ], + "threats": [ + "thrreat1", + "thread2" + ], + "urls": [ + "http://moqbrarcwmnk.banxhdcojlg.biz" + ], + "language": "language" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailMessage entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json new file mode 100644 index 000000000000..b746ebacbab2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Mailbox", + "properties": { + "displayName": "display name", + "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb", + "friendlyName": "emailAddress1", + "mailboxPrimaryAddress": "emailAddress1", + "upn": "upn1" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a mailbox entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json new file mode 100644 index 000000000000..1379e3c0c026 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "kind": "Malware", + "properties": { + "category": "Trojan", + "friendlyName": "Win32/Toga!rfn", + "malwareName": "Win32/Toga!rfn" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a malware entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json new file mode 100644 index 000000000000..767493a80ad0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "7264685c-038c-42c6-948c-38e14ef1fb98", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", + "kind": "Process", + "properties": { + "commandLine": "\"cmd\"", + "friendlyName": "cmd.exe", + "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e", + "processId": "0x2aa48" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a process entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json new file mode 100644 index 000000000000..589b412b6acd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json @@ -0,0 +1,458 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "kind": "Insight", + "properties": { + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "additionalQuery": { + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData", + "text": "See all account activity" + }, + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "chartQuery": { + "type": "BarChart", + "dataSets": [ + { + "legendColumnName": "OperationName", + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count" + } + ], + "title": "Actions by type" + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "defaultTimeRange": { + "afterRange": "12h", + "beforeRange": "12h" + }, + "displayName": "Actions on account", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": null, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "Count" + } + ], + "project": "project Title = OperationName, MostRecent, Count", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName" + } + ] + } + } + }, + { + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "kind": "Insight", + "properties": { + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "additionalQuery": { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n", + "text": "Query all anomalous operations" + }, + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "Operation", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_" + } + ], + "title": "Anomalous operation timeline" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "defaultTimeRange": { + "afterRange": "0d", + "beforeRange": "1d" + }, + "displayName": "Anomalously high office operation count", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": { + "beforeRange": "12d" + }, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n", + "projectedName": "Operation" + } + ], + "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "summarize": "take 1" + } + ] + } + } + }, + { + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "kind": "Insight", + "properties": { + "description": "Provides the count and distinct resource accesses by a given user account\n", + "additionalQuery": { + "query": "where Operation in~ (Operations)", + "text": "See all resource activity" + }, + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "Legend", + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources" + }, + { + "legendColumnName": "Legend", + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources" + } + ], + "title": "Resource access over time" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "defaultTimeRange": { + "afterRange": "12h", + "beforeRange": "12h" + }, + "displayName": "Resource access", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": null, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "DistinctResources" + }, + { + "Query": "{{BaseQuery}} | ", + "projectedName": "TotalResources" + } + ], + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation" + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} | ", + "projectedName": "DistinctResources" + }, + { + "Query": "{{BaseQuery}} | ", + "projectedName": "TotalResources" + } + ], + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation" + } + ] + } + } + }, + { + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "kind": "Insight", + "properties": { + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "additionalQuery": { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n", + "text": "Query all anomalous sign-in results" + }, + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "chartQuery": { + "type": "LineChart", + "dataSets": [ + { + "legendColumnName": "ResultDescription", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_" + } + ], + "title": "Anomalous sign-in result timeline" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "defaultTimeRange": { + "afterRange": "0d", + "beforeRange": "1d" + }, + "displayName": "Anomalously high Azure sign-in result count", + "entitiesFilter": {}, + "inputEntityType": "Account", + "referenceTimeRange": { + "beforeRange": "12d" + }, + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "linkColumnsDefinitions": [ + { + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n", + "projectedName": "ResultDescription" + } + ], + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "summarize": "take 1" + } + ] + } + } + } + ] + } + } + }, + "operationId": "Entities_Queries", + "title": "Get Entity Query" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json new file mode 100644 index 000000000000..97b0af202cc2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "RegistryKey", + "properties": { + "friendlyName": "SOFTWARE", + "hive": "HKEY_LOCAL_MACHINE", + "key": "SOFTWARE" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a registry key entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json new file mode 100644 index 000000000000..1ea4061210fb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", + "kind": "RegistryValue", + "properties": { + "friendlyName": "Data", + "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "valueData": "Data", + "valueName": "Name", + "valueType": "String" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a registry value entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json new file mode 100644 index 000000000000..ec2ef6b36d2f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "kind": "SecurityAlert", + "properties": { + "description": "", + "additionalData": { + "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", + "Query Period": "05:00:00", + "Search Query Results Overall Count": "203", + "Total Account Entities": "1", + "Trigger Operator": "GreaterThan", + "Trigger Threshold": "200" + }, + "alertDisplayName": "Suspicious account detected", + "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus", + "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", + "confidenceLevel": "Unknown", + "endTimeUtc": "2021-09-01T13:21:45.926185Z", + "friendlyName": "Suspicious account detected", + "intent": "Unknown", + "processingEndTime": "2019-07-06T13:56:53.5392366Z", + "productComponentName": "Scheduled Alerts", + "productName": "Azure Sentinel", + "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", + "severity": "Medium", + "startTimeUtc": "2021-09-01T08:21:45.926185Z", + "status": "New", + "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "tactics": [ + "Persistence", + "LateralMovement" + ], + "timeGenerated": "2021-09-01T13:56:53.5392366Z", + "vendorName": "Microsoft" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a security alert entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json new file mode 100644 index 000000000000..61c65e82fea6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "SecurityGroup", + "properties": { + "distinguishedName": "Name", + "friendlyName": "Name", + "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98", + "sid": "Sid" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a security group entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json new file mode 100644 index 000000000000..c75910cfe173 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "SubmissionMail", + "properties": { + "friendlyName": "recipient", + "recipient": "recipient", + "reportType": "report type", + "sender": "sender", + "senderIp": "1.4.35.34", + "subject": "subject", + "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", + "submitter": "submitter" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a submissionMail entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json new file mode 100644 index 000000000000..288ccdadd996 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Url", + "properties": { + "friendlyName": "https://bing.com", + "url": "https://bing.com" + } + } + } + }, + "operationId": "Entities_Get", + "title": "Get a url entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json new file mode 100644 index 000000000000..50ba865db62f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "endTime": "2019-05-26T00:00:00.000Z", + "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", + "startTime": "2019-04-25T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 1, + "entityKind": "Account" + } + ] + }, + "value": { + "edges": [ + { + "additionalData": { + "EpochTimestamp": "1608289949", + "FirstSeen": "2021-09-01T11:12:29.597Z", + "Source": "Heartbeat" + }, + "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002" + } + ], + "entities": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Ip", + "properties": { + "address": "13.89.108.248", + "friendlyName": "13.89.108.248" + } + } + ] + } + } + } + }, + "operationId": "Entities_Expand", + "title": "Expand an entity" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json new file mode 100644 index 000000000000..2d1b6d865efb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "addDefaultExtendedTimeRange": false, + "endTime": "2021-10-01T00:00:00.000Z", + "insightQueryIds": [ + "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" + ], + "startTime": "2021-09-01T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "errors": [ + { + "errorMessage": "Internal server error", + "kind": "Insight", + "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a" + } + ], + "totalCount": 7 + }, + "value": [ + { + "chartQueryResults": [ + { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "Count", + "type": "long" + }, + { + "name": "Legend", + "type": "string" + } + ], + "rows": [ + [ + "2021-09-01T00:00:00.000Z", + "55", + "SomeLegend" + ] + ] + } + ], + "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61", + "queryTimeInterval": { + "endTime": "2021-09-01T23:35:20Z", + "startTime": "2021-09-01T23:35:20Z" + }, + "tableQueryResults": { + "columns": [ + { + "name": "Title", + "type": "string" + }, + { + "name": "NameCount", + "type": "long" + }, + { + "name": "SIDCount", + "type": "long" + }, + { + "name": "InternalOrder", + "type": "long" + }, + { + "name": "Index", + "type": "long" + } + ], + "rows": [ + [ + "MyTitle", + "15", + "SID", + "1", + "1" + ] + ] + } + } + ] + } + } + }, + "operationId": "Entities_GetInsights", + "title": "Entity Insight" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json new file mode 100644 index 000000000000..4dc687cc4828 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + }, + "operationId": "EntitiesRelations_List", + "title": "Get all relations of an entity." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json new file mode 100644 index 000000000000..277ac631aead --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + }, + "operationId": "EntityRelations_GetRelation", + "title": "Get an entity relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json new file mode 100644 index 000000000000..4c55d6896157 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "endTime": "2021-10-01T00:00:00.000Z", + "numberOfBucket": 4, + "startTime": "2021-09-01T00:00:00.000Z" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "metaData": { + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + }, + { + "count": 1, + "kind": "Anomaly" + } + ], + "errors": [ + { + "errorMessage": "syntax error", + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879" + }, + { + "errorMessage": "internal server error", + "kind": "SecurityAlert" + } + ], + "totalCount": 6 + }, + "value": [ + { + "description": "The alert description", + "Intent": "Discovery", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "displayName": "Alert display name", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "kind": "SecurityAlert", + "productName": "Azure Sentinel", + "severity": "Medium", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z" + }, + { + "bucketEndTimeUTC": "2021-09-01T23:31:28.02Z", + "bucketStartTimeUTC": "2021-09-01T21:31:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "firstActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "kind": "Activity", + "lastActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "title": "The user has deleted an account" + }, + { + "description": "Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0.", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6", + "displayName": "(Preview) Anomalous scanning activity", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "intent": "Discovery", + "kind": "Anomaly", + "productName": "Azure Sentinel", + "reasons": [ + "High destination port count", + "Low port ratio" + ], + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "techniques": [ + "T1046" + ], + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "vendor": "Microsoft" + } + ] + } + } + }, + "operationId": "EntitiesGetTimeline_list", + "title": "Entity timeline" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 000000000000..771abd7b056a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQuery": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + }, + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + }, + "201": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueries_CreateOrUpdate", + "title": "Creates or updates an Activity entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json new file mode 100644 index 000000000000..097ca34b93ec --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "EntityQueries_Delete", + "title": "Delete an entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json new file mode 100644 index 000000000000..88a6d5caa8fc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "enabled": true, + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "templateName": null, + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueries_Get", + "title": "Get an Activity entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 000000000000..ffc121f91ef7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "kind": "Expansion", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "kind": "Expansion", + "properties": { + "dataSources": [ + "AzureActivity" + ], + "displayName": "Least active accounts on Azure from this IP", + "inputEntityType": "IP", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')" + } + }, + { + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "kind": "Expansion", + "properties": { + "dataSources": [ + "AzureActivity" + ], + "displayName": "Most active accounts on Azure from this IP", + "inputEntityType": "IP", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')" + } + } + ] + } + } + }, + "operationId": "EntityQueries_List", + "title": "Get all entity queries." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 000000000000..b30861c2762b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Expansion", + "properties": { + "dataSources": [ + "SecurityEvent" + ], + "displayName": "Parent processes running on host", + "inputEntityType": "Host", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))" + } + } + } + }, + "operationId": "EntityQueries_Get", + "title": "Get an Expansion entity query." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json new file mode 100644 index 000000000000..8a4bc8db0d4d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueryTemplate", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + } + } + }, + "operationId": "EntityQueryTemplates_Get", + "title": "Get an Activity entity query template." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json new file mode 100644 index 000000000000..5bafe95375bc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "kind": "Activity", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + }, + { + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91", + "kind": "Activity", + "properties": { + "description": "Account deleted on host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "inputEntityType": "Host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "title": "An account was deleted on this host" + } + } + ] + } + } + }, + "operationId": "EntityQueryTemplates_List", + "title": "Get all entity query templates." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..49535a9726c9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImport": { + "properties": { + "contentType": "StixIndicator", + "importFile": { + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource" + } + }, + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "ingestedRecordCount": null, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "WaitingForUpload", + "totalRecordCount": null, + "validRecordCount": null + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 4653 + }, + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "ingestedRecordCount": null, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "WaitingForUpload", + "totalRecordCount": null, + "validRecordCount": null + } + } + } + }, + "operationId": "FileImports_Create", + "title": "Create a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json new file mode 100644 index 000000000000..cc102b63196f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": null, + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + }, + "headers": { + "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + } + }, + "204": {} + }, + "operationId": "FileImports_Delete", + "title": "Delete a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json new file mode 100644 index 000000000000..f0f0e736620f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "fileFormat": "JSON", + "fileName": "myFile.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + } + } + }, + "operationId": "FileImports_Get", + "title": "Get a file import." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json new file mode 100644 index 000000000000..134a41293012 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "$orderby": "properties/createdTimeUtc desc", + "$top": 1, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "contentType": "StixIndicator", + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importFile": { + "deleteStatus": "NotDeleted", + "fileContentUri": null, + "fileFormat": "JSON", + "fileName": "fileName.json", + "fileSize": 5146 + }, + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "ingestedRecordCount": 5, + "ingestionMode": "IngestAnyValidRecords", + "source": "mySource", + "state": "Ingested", + "totalRecordCount": 5, + "validRecordCount": 5 + } + } + ] + } + } + }, + "operationId": "FileImports_List", + "title": "Get all file imports." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json new file mode 100644 index 000000000000..6e083f526fd7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "hunt": { + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123" + }, + "status": "New" + } + }, + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + }, + "201": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "huntSequenceNumber": 0, + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + } + }, + "operationId": "Hunts_CreateOrUpdate", + "title": "Creates or updates a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json new file mode 100644 index 000000000000..eed52869f4a0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntComment": { + "properties": { + "message": "This is a test comment." + } + }, + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + }, + "201": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "HuntComments_CreateOrUpdate", + "title": "Creates or updates a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json new file mode 100644 index 000000000000..fb92cd36d507 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelation": { + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + }, + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + }, + "201": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "Test Label" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + } + }, + "operationId": "HuntRelations_CreateOrUpdate", + "title": "Creates or updates a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json new file mode 100644 index 000000000000..2567eb7cae0e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Hunts_Delete", + "title": "Delete a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json new file mode 100644 index 000000000000..a8fc45ed9073 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "HuntComments_Delete", + "title": "Delete a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json new file mode 100644 index 000000000000..90c13f3a0f0c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "HuntRelations_Delete", + "title": "Delete a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json new file mode 100644 index 000000000000..648d0c797dd3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt ", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + } + }, + "operationId": "Hunts_Get", + "title": "Get a hunt." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json new file mode 100644 index 000000000000..827bbe4722da --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a comment." + }, + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + } + } + } + }, + "operationId": "HuntComments_Get", + "title": "Get a hunt comment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json new file mode 100644 index 000000000000..a21748e1174b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "type": "Microsoft.SecurityInsights/hunts/comments", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "properties": { + "message": "This is a test comment." + } + } + ] + } + } + }, + "operationId": "HuntComments_List", + "title": "Get all hunt comments." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json new file mode 100644 index 000000000000..c5ac24495f27 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "label1" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + } + }, + "operationId": "HuntRelations_Get", + "title": "Get a hunt relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json new file mode 100644 index 000000000000..fa3becf05462 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "type": "Microsoft.SecurityInsights/hunts/relations", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "properties": { + "labels": [ + "label1" + ], + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks" + } + } + ] + } + } + }, + "operationId": "HuntRelations_List", + "title": "Get all hunt relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json new file mode 100644 index 000000000000..e9aee2f1db91 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5", + "type": "Microsoft.SecurityInsights/hunts", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5", + "properties": { + "description": "Log4J Hunt Description", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "displayName": "Log4J new hunt", + "hypothesisStatus": "Unknown", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "assignedTo": null, + "email": "testemail@microsoft.com", + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "ownerType": "User", + "userPrincipalName": "John Doe" + }, + "status": "New" + } + } + ] + } + } + }, + "operationId": "Hunts_List", + "title": "Get all hunts." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json new file mode 100644 index 000000000000..4e084ad486c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "kind": "SecurityAlert", + "properties": { + "additionalData": { + "alertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "alertDisplayName": "myAlert", + "alertType": "myAlert", + "confidenceLevel": "Unknown", + "endTimeUtc": "2020-07-20T18:21:53.615Z", + "friendlyName": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.615Z", + "productName": "Azure Security Center", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "resourceGroup": "myRG", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b" + } + ], + "severity": "Low", + "startTimeUtc": "2020-07-20T18:21:53.615Z", + "status": "New", + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "timeGenerated": "2020-07-20T18:21:53.615Z", + "vendorName": "Microsoft" + } + } + ] + } + } + }, + "operationId": "Incidents_ListAlerts", + "title": "Incidents_ListAlerts" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json new file mode 100644 index 000000000000..4174fe0e2fb4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "kind": "Bookmark", + "properties": { + "additionalData": { + "eTag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "created": "2020-06-17T15:34:01.426+00:00", + "createdBy": { + "name": "user", + "email": "user@contoso.com", + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd" + }, + "displayName": "SecurityEvent - 868f40f4698d", + "eventTime": "2020-06-17T15:34:01.426+00:00", + "friendlyName": "SecurityEvent - 868f40f4698d", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "updated": "2020-06-17T15:34:01.426+00:00", + "updatedBy": { + "name": "user", + "email": "user@contoso.com", + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd" + } + } + } + ] + } + } + }, + "operationId": "Incidents_ListBookmarks", + "title": "Incidents_ListBookmarks" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json new file mode 100644 index 000000000000..4489d56a1b5a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentComment": { + "properties": { + "message": "Some message" + } + }, + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "message": "Some message" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "message": "Some message" + } + } + } + }, + "operationId": "IncidentComments_CreateOrUpdate", + "title": "IncidentComments_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json new file mode 100644 index 000000000000..43916a3ca5b2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentComments_Delete", + "title": "IncidentComments_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json new file mode 100644 index 000000000000..f03d0025da19 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "message": "Some message" + } + } + } + }, + "operationId": "IncidentComments_Get", + "title": "IncidentComments_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json new file mode 100644 index 000000000000..cbd1f139b004 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "author": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "message": "Some message" + } + } + ] + } + } + }, + "operationId": "IncidentComments_List", + "title": "IncidentComments_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json new file mode 100644 index 000000000000..285ef6bd77d7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Account", + "properties": { + "accountName": "administrator", + "friendlyName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "count": 1, + "entityKind": "Account" + } + ] + } + } + }, + "operationId": "Incidents_ListEntities", + "title": "Incidents_ListEntities" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..fc2e97491beb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTask": { + "properties": { + "description": "Task description", + "status": "New", + "title": "Task title" + } + }, + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + } + }, + "operationId": "IncidentTasks_CreateOrUpdate", + "title": "IncidentTasks_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..d03a76564479 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentTasks_Delete", + "title": "IncidentTasks_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..67839638080e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + } + }, + "operationId": "IncidentTasks_Get", + "title": "IncidentTasks_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json new file mode 100644 index 000000000000..cf70ef063fa2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "description": "Task description", + "createdBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedBy": { + "name": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "status": "New", + "title": "Task title" + } + } + ] + } + } + }, + "operationId": "IncidentTasks_List", + "title": "IncidentTasks_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json new file mode 100644 index 000000000000..9feb5c4b6ce0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "This is a demo incident", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "owner": { + "assignedTo": null, + "email": null, + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": null, + "userPrincipalName": null + }, + "severity": "High", + "status": "Closed", + "title": "My incident" + } + }, + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + }, + "201": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + } + }, + "operationId": "Incidents_CreateOrUpdate", + "title": "Incidents_CreateOrUpdate" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json new file mode 100644 index 000000000000..c0c098b6528f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Incidents_Delete", + "title": "Incidents_Delete" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json new file mode 100644 index 000000000000..eb8fb21cbb30 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + } + }, + "operationId": "Incidents_Get", + "title": "Incidents_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json new file mode 100644 index 000000000000..a030f71b61d2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "$orderby": "properties/createdTimeUtc desc", + "$top": 1, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "description": "This is a demo incident", + "additionalData": { + "alertProductNames": [], + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ] + }, + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "incidentNumber": 3177, + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "labels": [], + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "owner": { + "assignedTo": "john doe", + "email": "john.doe@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "ownerType": "User", + "userPrincipalName": "john@contoso.com" + }, + "providerIncidentId": "3177", + "providerName": "Azure Sentinel", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "severity": "High", + "status": "Closed", + "title": "My incident" + } + } + ] + } + } + }, + "operationId": "Incidents_List", + "title": "Incidents_List" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..bd8aa5e22d0a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + }, + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_CreateOrUpdate", + "title": "Creates or updates a relation for a given incident." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..ee1162ee4af1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "IncidentRelations_Delete", + "title": "Delete the incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..a4c096aae44b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceKind": "SecurityAlert", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities" + } + } + ] + } + } + }, + "operationId": "IncidentRelations_List", + "title": "Get all incident relations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 000000000000..965f54d79df4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + }, + "operationId": "IncidentRelations_Get", + "title": "Get an incident relation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json new file mode 100644 index 000000000000..605fa10c8ce9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", + "manualTriggerRequestBody": { + "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "204": {} + }, + "operationId": "Entities_RunPlaybook", + "title": "Entities_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json new file mode 100644 index 000000000000..c1067705d428 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "204": { + "body": {} + } + }, + "operationId": "Incidents_RunPlaybook", + "title": "Incidents_RunPlaybook" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json new file mode 100644 index 000000000000..134825dedea2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "Metadata_Delete", + "title": "Delete metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json new file mode 100644 index 000000000000..a64076781215 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json new file mode 100644 index 000000000000..a03824d80dac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + }, + { + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "version": "1.0.0.0" + } + } + ] + } + } + }, + "operationId": "Metadata_List", + "title": "Get all metadata with OData filter/orderby/skip/top" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json new file mode 100644 index 000000000000..2fffd8881f8f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + } + }, + "operationId": "Metadata_Get", + "title": "Get single metadata by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json new file mode 100644 index 000000000000..7afe099fca4f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + }, + "operationId": "Metadata_Update", + "title": "Update metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json new file mode 100644 index 000000000000..ed25f53edb7e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json @@ -0,0 +1,288 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadata": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "name": "Microsoft Defender for Endpoint", + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + }, + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + }, + "201": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "dependencies": { + "criteria": [ + { + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ], + "operator": "OR" + }, + { + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "kind": "Playbook", + "version": "1.0" + }, + { + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b", + "kind": "Parser" + } + ], + "operator": "AND" + }, + "firstPublishDate": "2021-05-18", + "kind": "AnalyticsRule", + "lastPublishDate": "2021-05-18", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "providers": [ + "Amazon", + "Microsoft" + ], + "source": { + "name": "Contoso Solution 1.0", + "kind": "Solution", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ], + "version": "1.0.0.0" + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update full metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json new file mode 100644 index 000000000000..5cf6cfa7b708 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + }, + "metadataName": "metadataName", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "201": { + "body": { + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + }, + "operationId": "Metadata_Create", + "title": "Create/update minimal metadata." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json new file mode 100644 index 000000000000..433c82f96995 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "OfficeConsents_Delete", + "title": "Delete an office consent." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json new file mode 100644 index 000000000000..a0dde26a2d68 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "properties": { + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252" + } + } + ] + } + } + }, + "operationId": "OfficeConsents_List", + "title": "Get all office consents." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json new file mode 100644 index 000000000000..b3bbae88aa4f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "properties": { + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252" + } + } + } + }, + "operationId": "OfficeConsents_Get", + "title": "Get an office consent." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 000000000000..b7b98d55bbd6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + }, + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Create", + "title": "Create Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 000000000000..de2bdddfa3fd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SentinelOnboardingStates_Delete", + "title": "Delete Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 000000000000..c80511e7bf8b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + }, + "operationId": "SentinelOnboardingStates_List", + "title": "Get all Sentinel onboarding states" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 000000000000..9c0b1436c694 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sentinelOnboardingStateName": "default", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "properties": { + "customerManagedKey": false + } + } + } + }, + "operationId": "SentinelOnboardingStates_Get", + "title": "Get Sentinel onboarding state" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json new file mode 100644 index 000000000000..721daa53a65a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json @@ -0,0 +1,565 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "description": "Gets operations", + "operation": "Get Operations", + "provider": "Microsoft Security Insights", + "resource": "Operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "description": "Gets an automation rule", + "operation": "Get Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "description": "Updates an automation rule", + "operation": "Update Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "description": "Deletes an automation rule", + "operation": "Delete Automation Rules", + "provider": "Microsoft Security Insights", + "resource": "AutomationRules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "description": "Gets bookmarks", + "operation": "Get Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "description": "Updates bookmarks", + "operation": "Update Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "description": "Deletes bookmarks", + "operation": "Delete Bookmarks", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "description": "Gets related entities of an entity by a specific expansion", + "operation": "Expand on entity", + "provider": "Microsoft Security Insights", + "resource": "Bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "description": "Gets a bookmark relation", + "operation": "Get Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "description": "Updates a bookmark relation", + "operation": "Update Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "description": "Deletes a bookmark relation", + "operation": "Delete Bookmark Relations", + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "description": "Gets the alert rules", + "operation": "Get Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "description": "Updates alert rules", + "operation": "Update Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "description": "Deletes alert rules", + "operation": "Delete Alert Rules", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "description": "Gets the response actions of an alert rule", + "operation": "Get Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "description": "Updates the response actions of an alert rule", + "operation": "Update Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "description": "Deletes the response actions of an alert rule", + "operation": "Delete Alert Rule Response Actions", + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "description": "Gets the data connectors", + "operation": "Get Data Connectors", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "description": "Updates a data connector", + "operation": "Update Data Connectors", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "description": "Deletes a data connector", + "operation": "Delete a Data Connector", + "provider": "Microsoft Security Insights", + "resource": "DataConnectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "description": "Check user authorization and license", + "operation": "Check user authorization and license", + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/read", + "display": { + "description": "Gets an incident", + "operation": "Get Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "description": "Updates an incident", + "operation": "Update Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "description": "Deletes an incident", + "operation": "Delete Incidents", + "provider": "Microsoft Security Insights", + "resource": "Incidents" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "description": "Gets the incident comments", + "operation": "Get Incident Comments", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "description": "Creates a comment on the incident", + "operation": "Create Incident Comments", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "description": "Deletes a comment on the incident", + "operation": "Delete Incident Comment", + "provider": "Microsoft Security Insights", + "resource": "Incident Comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "description": "Gets a relation between the incident and related resources", + "operation": "Get Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "description": "Updates a relation between the incident and related resources", + "operation": "Update Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "description": "Deletes a relation between the incident and related resources", + "operation": "Delete Incident Relations", + "provider": "Microsoft Security Insights", + "resource": "Incident Relations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "description": "Gets Threat Intelligence", + "operation": "Get Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "description": "Updates Threat Intelligence", + "operation": "Update Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "description": "Deletes Threat Intelligence", + "operation": "Delete Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "description": "Query Threat Intelligence", + "operation": "Query Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "description": "Collect Threat Intelligence Metrics", + "operation": "Collect Threat Intelligence Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "description": "Bulk Delete Threat Intelligence", + "operation": "Bulk Delete Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "description": "Bulk Tags Threat Intelligence", + "operation": "Bulk Tags Threat Intelligence", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "description": "Updates Threat Intelligence Indicators", + "operation": "Update Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "description": "Deletes Threat Intelligence Indicators", + "operation": "Delete Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "description": "Query Threat Intelligence Indicators", + "operation": "Query Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "description": "Get Threat Intelligence Indicator Metrics", + "operation": "Get Threat Intelligence Indicator Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + "display": { + "description": "Bulk Delete Threat Intelligence Indicators", + "operation": "Bulk Delete Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "description": "Bulk Tags Threat Intelligence Indicators", + "operation": "Bulk Tags Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "description": "Gets Threat Intelligence Indicators", + "operation": "Get Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "description": "Collect Threat Intelligence Metrics", + "operation": "Collect Threat Intelligence Metrics", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "description": "Create Threat Intelligence Indicator", + "operation": "Create Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "description": "Append tags to Threat Intelligence Indicator", + "operation": "Append tags to Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "description": "Replace Tags of Threat Intelligence Indicator", + "operation": "Replace Tags of Threat Intelligence Indicator", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "description": "Query Threat Intelligence Indicators", + "operation": "Query Threat Intelligence Indicators", + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "description": "Gets Watchlists", + "operation": "Get Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "description": "Create Watchlists", + "operation": "Create Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "description": "Deletes Watchlists", + "operation": "Delete Watchlists", + "provider": "Microsoft Security Insights", + "resource": "Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "description": "Gets an onboarding state", + "operation": "Get Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "description": "Updates an onboarding state", + "operation": "Update Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "description": "Deletes an onboarding state", + "operation": "Delete Onboarding States", + "provider": "Microsoft Security Insights", + "resource": "Onboarding States" + }, + "origin": "user" + } + ] + } + } + }, + "operationId": "Operations_List", + "title": "Get all operations." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json new file mode 100644 index 000000000000..70200a5df457 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "Swagger_Example", + "resourceId": "someId", + "state": "CompletedBySystem", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + } + }, + "operationId": "Get_SingleRecommendation", + "title": "Get a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json new file mode 100644 index 000000000000..26a410cd266e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "ThreatIntelligence_Example", + "resourceId": "someId", + "state": "CompletedBySystem", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + ] + } + } + }, + "operationId": "GetRecommendations_List", + "title": "Get Recommendations list." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json new file mode 100644 index 000000000000..ebf478498d1d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "recommendationPatch": { + "properties": { + "state": "Active" + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "description": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "creationTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "lastModifiedTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "recommendationTypeId": "ThreatIntelligence_Example", + "resourceId": "someId", + "state": "CompletedByUser", + "suggestions": [ + { + "description": "someText", + "action": "someText", + "additionalProperties": { + "someKey": "someValue" + }, + "suggestionTypeId": "ThreatIntelligence_Example_Suggestion_Example", + "title": "someText" + } + ], + "title": "someText" + } + } + } + }, + "operationId": "Update_Recommendation", + "title": "Creates a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json new file mode 100644 index 000000000000..a26c0f89f46e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "type": "Microsoft.SecurityInsights/Recommendations", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Recommendations/ceea048e-923e-4eeb-8fcb-6cb0c06b101f", + "properties": { + "lastEvaluatedTimeUtc": "2023-10-10T03:09:03.4888396+00:00" + } + } + } + }, + "operationId": "Reevaluate_Recommendation", + "title": "Reevaluate a recommendation." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json new file mode 100644 index 000000000000..b2c20119393a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "repoType": "Github", + "repositoryAccess": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "branches": [ + "master", + "develop" + ], + "fullName": "reponame", + "installationId": 42424242, + "url": "https://api.github.com/repos/user/reponame" + } + ] + } + } + }, + "operationId": "SourceControl_listRepositories", + "title": "Get repository list." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..2d5b6cd7cb23 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,247 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "securityMLAnalyticsSetting": { + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + }, + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + }, + "201": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "title": "Creates or updates a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..1c10d8407f62 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "SecurityMLAnalyticsSettings_Delete", + "title": "Delete a Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..b0ec472444c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + ] + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_List", + "title": "Get all Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..b33055425acb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsResourceName": "myFirstAnomalySettings", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "kind": "Anomaly", + "properties": { + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "anomalySettingsVersion": 0, + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "prioritizeExcludeObservations": null, + "singleSelectObservations": [ + { + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "supportedValuesKql": null, + "value": [ + "Palo Alto Networks" + ], + "valuesKql": null + } + ], + "singleValueObservations": null, + "thresholdObservations": [ + { + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "maximum": "100", + "minimum": "1", + "rerun": "RerunAlways", + "sequenceNumber": 1, + "value": "25" + }, + { + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "maximum": "10", + "minimum": "2", + "rerun": "RerunAlways", + "sequenceNumber": 2, + "value": "3" + } + ] + }, + "displayName": "Login from unusual region", + "enabled": true, + "frequency": "PT1H", + "isDefaultSettings": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db", + "settingsStatus": "Production", + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ] + } + } + } + }, + "operationId": "SecurityMLAnalyticsSettings_Get", + "title": "Get a Anomaly Security ML Analytics Settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 000000000000..211b8a26d65f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ProductSettings_Delete", + "title": "Delete EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 000000000000..2dd5534726b1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + }, + "operationId": "ProductSettings_List", + "title": "Get all settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json new file mode 100644 index 000000000000..e7f3ac94cf4b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + }, + "operationId": "ProductSettings_Get", + "title": "Get EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json new file mode 100644 index 000000000000..9a1e5035e535 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + }, + "settingsName": "EyesOn", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + }, + "201": { + "body": { + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + }, + "operationId": "ProductSettings_Update", + "title": "Update EyesOn settings." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json new file mode 100644 index 000000000000..79dfa421de1e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,178 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "This is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "repoType": "Github", + "repository": { + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + }, + "201": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + } + }, + "operationId": "SourceControls_Create", + "title": "Creates or updates a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..2b35676dcefa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "repositoryAccess": { + "properties": { + "repositoryAccess": { + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73", + "code": "939fd7c6caf754f4f41f", + "kind": "OAuth", + "state": "state" + } + } + }, + "resourceGroupName": "myRg", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "warning": { + "code": "SourceControlWarning_DeleteServicePrincipal", + "message": "ServicePrincipal has not been removed due to insufficient permissions." + } + } + } + }, + "operationId": "SourceControls_Delete", + "title": "Delete a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json new file mode 100644 index 000000000000..61526607ae5b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + } + }, + "operationId": "SourceControls_Get", + "title": "Get a source control." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..59fc1d9bf85a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/b28fbe4a-0bb1-4593-960b-061c8655a550/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "properties": { + "description": "this is a source control", + "contentTypes": [ + "AnalyticsRule", + "Workbook" + ], + "displayName": "My Source Control", + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "lastDeploymentInfo": { + "deployment": { + "deploymentId": "4985046420", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "deploymentResult": "Success", + "deploymentState": "Completed", + "deploymentTime": "2021-01-01T17:18:19.1234567Z" + }, + "deploymentFetchStatus": "Success", + "message": "Successful deployment" + }, + "pullRequest": { + "state": "Open", + "url": "https://github.com/user/repo/pull/123" + }, + "repoType": "Github", + "repository": { + "branch": "master", + "deploymentLogsUrl": "https://github.com/user/repo/actions", + "displayUrl": "https://github.com/user/repo", + "url": "https://github.com/user/repo" + }, + "repositoryResourceInfo": { + "azureDevOpsResourceInfo": null, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "webhook": { + "webhookId": "342768323", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/eeca17ff-d744-4a8b-9f5e-1edcc3346a1d/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a" + } + }, + "servicePrincipal": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "6a5f9fbd-6ce5-45a5-a729-79f8943472f3", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + }, + "workloadIdentityFederation": { + "appId": "307ef030-13ed-4342-8cc2-c11760649f4d", + "id": "c2c12197-fc2c-4880-9b18-0996ffe7aeca", + "issuer": "https://token.actions.githubusercontent.com", + "subject": "repo:user/repo:ref:refs/heads/branch", + "tenantId": "336ffe99-ff10-48fa-8c21-6da2a653dcce" + } + }, + "systemData": { + "createdAt": "2021-01-01T17:18:19.1234567Z", + "createdBy": "user1", + "createdByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User" + }, + "version": "V2" + } + ] + } + } + }, + "operationId": "SourceControls_List", + "title": "Get all source controls." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..2c48b3fb12a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {} + }, + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "title": "Append tags to a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..6c3e2d3b96e0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2021-09-01T19:44:44.117403Z", + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ], + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ] + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "title": "Get threat intelligence indicators metrics." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 000000000000..2d0a6fc24189 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-09-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "title": "Create a new Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 000000000000..66a673697d45 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "ThreatIntelligenceIndicator_Delete", + "title": "Delete a threat intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 000000000000..dad44c3dda85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema 2", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.0746926Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicators_List", + "title": "Get all threat intelligence indicators" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..3798b2c3a4ca --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:18:49.2259902Z", + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Get", + "title": "View a threat intelligence indicator by name" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json new file mode 100644 index 000000000000..5ec0209a8821 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "Query": { + "condition": { + "clauses": [ + { + "field": "lastUpdatedTimeUtc", + "operator": "OnOrBeforeAbsolute", + "values": [ + "2024-02-09T23:59:59.999Z" + ] + } + ], + "conditionConnective": null + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "tiType": "main", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "count": 3 + } + } + }, + "operationId": "ThreatIntelligence_Count", + "title": "Get TI object count" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json new file mode 100644 index 000000000000..88460bbeff23 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "Query": { + "condition": { + "clauses": [ + { + "field": "lastUpdatedTimeUtc", + "operator": "OnOrBeforeAbsolute", + "values": [ + "2024-02-09T23:59:59.999Z" + ] + } + ], + "conditionConnective": null, + "stixObjectType": "attack-pattern" + }, + "maxPageSize": 100, + "minPageSize": 100, + "sortBy": { + "direction": "DESC", + "field": "lastUpdatedTimeUtc" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "tiType": "main", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "dGxwLW1peGVkVHlwZXMtd2l0aC1SdWxlcy0y---attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "type": "Microsoft.SecurityInsights/threatintelligence", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/threatintelligence/dGxwLW1peGVkVHlwZXMtd2l0aC1SdWxlcy0y---attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "kind": "AttackPattern", + "properties": { + "createdBy": { + "name": "", + "email": "", + "objectId": "00000000-0000-0000-0000-000000000000" + }, + "data": { + "name": "Attack Pattern 2.1", + "type": "attack-pattern", + "description": "menuPass appears to favor spear phishing to deliver payloads to the intended targets. While the attackers behind menuPass have used other RATs in their campaign, it appears that they use PIVY as their primary persistence mechanism.", + "aliases": [ + "alias_1", + "alias_2" + ], + "confidence": 100, + "created": "2015-05-15T09:12:16.432Z", + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "external_references": [ + { + "description": "spear phishing", + "external_id": "CAPEC-163", + "hashes": null, + "source_name": "capec", + "url": null + } + ], + "granular_markings": [ + { + "lang": "en", + "marking_ref": "marking-definition--089a6ecb-cc15-43cc-9494-767639779123", + "selectors": [ + "description", + "labels" + ] + } + ], + "id": "attack-pattern--fb6aa549-c94a-4e45-b4fd-7e32602dad85", + "kill_chain_phases": [ + { + "kill_chain_name": "mandiant-attack-lifecycle-model", + "phase_name": "initial-compromise" + } + ], + "labels": [ + "heartbleed", + "has-logo" + ], + "lang": "en", + "modified": "2015-05-20T09:12:16.432Z", + "object_marking_refs": [ + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" + ], + "revoked": true, + "spec_version": "2.1", + "extensions": { + "extension-definition--d83fce45-ef58-4c6c-a3f4-1fbc32e98c6e": { + "extension_type": "property-extension", + "rank": 5, + "toxicity": 8 + }, + "sentinel-ext": { + "severity": null + } + } + }, + "firstIngestedTimeUtc": "2024-02-05T22:47:29.4948816", + "ingestionRulesVersion": "00000000-0000-0000-0000-000000000000", + "lastIngestedTimeUtc": "2024-02-05T22:47:29.4948816", + "lastModifiedBy": { + "name": "", + "email": "", + "objectId": "00000000-0000-0000-0000-000000000000" + }, + "lastUpdateMethod": "File Import", + "lastUpdatedDateTimeUtc": "2024-02-05T22:47:29.4948816", + "relationshipHints": null, + "source": "mySource" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligence_Query", + "title": "Get TI objects" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 000000000000..2c42f3cd56d3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "ThreatIntelligenceFilteringCriteria": { + "maxConfidence": 80, + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "minConfidence": 25, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "pageSize": 100, + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ], + "sources": [ + "Azure Sentinel" + ] + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "kind": "indicator", + "properties": { + "description": "debugging indicators 2", + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema 2", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "value": "SSH-2.0-PuTTY_Release_0.64", + "valueType": "0" + }, + { + "value": "194.88.106.146", + "valueType": "1" + } + ] + } + ], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + }, + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "title": "Query threat intelligence indicators as per filtering criteria" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 000000000000..e33f149d03e8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "displayName": "updated indicator", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T19:56:08.828946Z", + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "title": "Replace tags to a Threat Intelligence" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 000000000000..8342b286cc61 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "kind": "indicator", + "properties": { + "description": "debugging indicators", + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "displayName": "new schema", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "killChainPhases": [], + "lastUpdatedTimeUtc": "2021-04-15T20:20:38.6161887Z", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "threatTypes": [ + "compromised" + ], + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + }, + "operationId": "ThreatIntelligenceIndicator_Create", + "title": "Update a threat Intelligence indicator" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json new file mode 100644 index 000000000000..02fe28e037f0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "analyticsRuleRunTriggerParameter": { + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z" + } + }, + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "headers": { + "Code": "202", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-07-01-preview", + "Message": "Accepted" + } + } + }, + "operationId": "alertRule_TriggerRuleRun", + "title": "triggerRuleRun_Post" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json new file mode 100644 index 000000000000..be2e3d433ee8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "provisioningState": "InProgress", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + }, + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + } + } + } + }, + "operationId": "triggeredAnalyticsRuleRun_Get", + "title": "triggeredAnalyticsRuleRun_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json new file mode 100644 index 000000000000..1bdb624d845a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "provisioningState": "InProgress", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + }, + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + } + }, + { + "name": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "properties": { + "executionTimeUtc": "2022-12-20T15:37:03.074Z", + "provisioningState": "Succeeded", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "ruleRunAdditionalData": { + "auditCorrelationId": "763f9dae-1027-44b9-a34a-589404693670", + "createdBy": "user2@microsoft.com", + "healthCorrelationId": "b3c165ec-f53e-48c1-9677-216d9e930912" + }, + "triggeredAnalyticsRuleRunId": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c" + } + } + ] + } + } + }, + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "title": "triggeredAnalyticsRuleRuns_Get" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json new file mode 100644 index 000000000000..eeeb1477a776 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "Watchlist from CSV content", + "displayName": "High Value Assets Watchlist", + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local" + } + }, + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + }, + "201": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 000000000000..0f61393d06a3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "description": "Watchlist from CSV content", + "contentType": "text/csv", + "displayName": "High Value Assets Watchlist", + "itemsSearchKey": "header1", + "numberOfLinesToSkip": 1, + "provider": "Microsoft", + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "source": "watchlist.csv", + "sourceType": "Local" + } + }, + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + }, + "201": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist and bulk creates watchlist items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..947301fc9d02 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + } + } + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "properties": { + "created": "2020-11-15T04:58:56.0748363+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "isDeleted": false, + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + }, + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "updated": "2020-11-16T16:05:20+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItemType": "watchlist-item" + } + } + }, + "201": { + "body": { + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "properties": { + "created": "2020-11-15T04:58:56.0748363+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "isDeleted": false, + "itemsKeyValue": { + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Gateway subnet": "10.0.255.224/27", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27", + "Web Tier": "10.0.1.0/24" + }, + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "updated": "2020-11-16T16:05:20+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItemType": "watchlist-item" + } + } + } + }, + "operationId": "WatchlistItems_CreateOrUpdate", + "title": "Create or update a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..d63c7970b432 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-07-01-preview" + } + }, + "204": {} + }, + "operationId": "Watchlists_Delete", + "title": "Delete a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..8dbdf4e4351f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WatchlistItems_Delete", + "title": "Delete a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 000000000000..0896000a0d57 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "defaultDuration": "P1279DT12H30M5S", + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "labels": [ + "Tag1", + "Tag2" + ], + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + } + }, + "operationId": "Watchlists_Get", + "title": "Get a watchlist." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 000000000000..9586d269d1d5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "properties": { + "created": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "entityMapping": {}, + "isDeleted": false, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "watchlistItemType": "watchlist-item" + } + } + } + }, + "operationId": "WatchlistItems_Get", + "title": "Get a watchlist item." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..f9548e237c50 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "watchlistAlias": "highValueAsset", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "properties": { + "created": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "entityMapping": {}, + "isDeleted": false, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "watchlistItemType": "watchlist-item" + } + } + ] + } + } + }, + "operationId": "WatchlistItems_List", + "title": "Get all watchlist Items." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json new file mode 100644 index 000000000000..220c68e3422e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "properties": { + "description": "Watchlist from CSV content", + "created": "2020-09-28T00:26:54.7746089+00:00", + "createdBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "defaultDuration": "P1279DT12H30M5S", + "displayName": "High Value Assets Watchlist", + "isDeleted": false, + "itemsSearchKey": "header1", + "labels": [ + "Tag1", + "Tag2" + ], + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd", + "updated": "2020-09-28T00:26:57+00:00", + "updatedBy": { + "name": "john doe", + "email": "john@contoso.com", + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "watchlistAlias": "highValueAsset", + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "watchlistType": "watchlist" + } + } + ] + } + } + }, + "operationId": "Watchlists_List", + "title": "Get all watchlists." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json new file mode 100644 index 000000000000..9f8551d604b2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "provisioningState": "InProgress", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "title": "Creates a job for the specified workspace manager assignment" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..07f98d6688ea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignment": { + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + }, + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "201": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + }, + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "title": "Creates or updates a workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json new file mode 100644 index 000000000000..403b32cdd8d8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "title": "Delete a workspace manager job." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..6ae1d78ab35c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerAssignments_Delete", + "title": "Delete a workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json new file mode 100644 index 000000000000..a3e328639e41 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "executionTime": "2022-06-14T04:49:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded" + }, + { + "errors": [ + { + "errorMessage": "Failed to write. Status code: Forbidden.", + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e" + } + ], + "executionTime": "2022-06-14T04:50:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed" + } + ], + "provisioningState": "Failed", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_List", + "title": "Get all jobs for the specified Sentinel workspace manager assignment." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json new file mode 100644 index 000000000000..3c095b8b0ea9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed", + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerAssignments_List", + "title": "Get all workspace manager assignments for the Sentinel workspace manager." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json new file mode 100644 index 000000000000..a97036a1ee94 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "executionTime": "2022-06-14T04:49:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded" + }, + { + "errors": [ + { + "errorMessage": "Failed to write. Status code: Forbidden.", + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e" + } + ], + "executionTime": "2022-06-14T04:50:52.9614956Z", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed" + } + ], + "provisioningState": "Failed", + "startTime": "2022-06-14T04:47:52.9614956Z" + } + } + } + }, + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "title": "Get a workspace manager job" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..c606338137ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed", + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + }, + "operationId": "WorkspaceManagerAssignments_Get", + "title": "Get a workspace manager assignment" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..20d594abfdb2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfiguration": { + "properties": { + "mode": "Enabled" + } + }, + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + }, + "201": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + } + }, + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "title": "Create or Update a workspace manager Configuration" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..41eb345d61d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerConfigurations_Delete", + "title": "Delete a workspace manager configuration." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..89c01951d8b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerConfigurations_List", + "title": "Get all workspace manager configurations for a Sentinel workspace." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..53302cb6bd0e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerConfigurationName": "default", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "properties": { + "mode": "Enabled" + } + } + } + }, + "operationId": "WorkspaceManagerConfigurations_Get", + "title": "Get a workspace manager configuration." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json new file mode 100644 index 000000000000..eaf4a4754b5e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroup": { + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + }, + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "201": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + }, + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "title": "Creates or updates a workspace manager group." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json new file mode 100644 index 000000000000..7b71dc835a9e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerGroups_Delete", + "title": "Delete a workspace manager group." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json new file mode 100644 index 000000000000..163a1cf83020 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerGroups_List", + "title": "Get all workspace manager groups in the Sentinel workspace manager." +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json new file mode 100644 index 000000000000..99a6b5193f14 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + }, + "operationId": "WorkspaceManagerGroups_Get", + "title": "Get a workspace manager group" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json new file mode 100644 index 000000000000..32ac191cf60d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMember": { + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + }, + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "title": "Create or Update a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json new file mode 100644 index 000000000000..a7e64b8bb0a2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": {}, + "204": {} + }, + "operationId": "WorkspaceManagerMembers_Delete", + "title": "Delete a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json new file mode 100644 index 000000000000..0a061dd98447 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + }, + "operationId": "WorkspaceManagerMembers_List", + "title": "Get all workspace manager members" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json new file mode 100644 index 000000000000..e3b58839f6bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2025-07-01-preview", + "resourceGroupName": "myRg", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + }, + "operationId": "WorkspaceManagerMembers_Get", + "title": "Get a workspace manager member" +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json new file mode 100644 index 000000000000..47a32349f074 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -0,0 +1,31486 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "version": "2025-10-01-preview", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "x-typespec-generated": [ + { + "emitter": "@azure-tools/typespec-autorest" + } + ] + }, + "schemes": [ + "https" + ], + "host": "management.azure.com", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "tags": [ + { + "name": "Enrichment" + }, + { + "name": "Operations" + }, + { + "name": "Alert Rules" + }, + { + "name": "trigger analytics rule run" + }, + { + "name": "Actions" + }, + { + "name": "Alert Rule Templates" + }, + { + "name": "automationRules" + }, + { + "name": "Incidents" + }, + { + "name": "manualTrigger" + }, + { + "name": "IncidentAlerts" + }, + { + "name": "IncidentBookmarks" + }, + { + "name": "IncidentEntities" + }, + { + "name": "Bookmarks" + }, + { + "name": "Bookmark" + }, + { + "name": "ContentPackages" + }, + { + "name": "ContentProductPackages" + }, + { + "name": "ContentProductTemplates" + }, + { + "name": "ContentTemplates" + }, + { + "name": "ConnectorDefinitions" + }, + { + "name": "Data Connectors" + }, + { + "name": "Data Connectors Connect" + }, + { + "name": "Data Connectors Disconnect" + }, + { + "name": "IncidentComments" + }, + { + "name": "IncidentRelations" + }, + { + "name": "BookmarkRelations" + }, + { + "name": "EntityRelations" + }, + { + "name": "IncidentTasks" + }, + { + "name": "Metadata" + }, + { + "name": "SentinelOnboardingStates" + }, + { + "name": "Security ML Analytics Settings" + }, + { + "name": "SourceControls" + }, + { + "name": "ThreatIntelligence" + }, + { + "name": "Watchlists" + }, + { + "name": "WatchlistItems" + }, + { + "name": "Check Data Connector Requirements" + }, + { + "name": "Repositories" + }, + { + "name": "billingStatistics" + }, + { + "name": "Entities" + }, + { + "name": "EntityQueries" + }, + { + "name": "FileImports" + }, + { + "name": "Hunts" + }, + { + "name": "HuntComments" + }, + { + "name": "HuntRelations" + }, + { + "name": "Office Consents" + }, + { + "name": "recommendations" + }, + { + "name": "Settings" + }, + { + "name": "triggered analytics rule run" + }, + { + "name": "triggered analytics rule runs" + }, + { + "name": "workspaceManagerAssignments" + }, + { + "name": "workspaceManagerConfigurations" + }, + { + "name": "workspaceManagerGroups" + }, + { + "name": "workspaceManagerMember" + } + ], + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "tags": [ + "Operations" + ], + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all operations.": { + "$ref": "./examples/operations/ListOperations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "operationId": "AlertRuleTemplates_List", + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "operationId": "AlertRuleTemplates_Get", + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "alertRuleTemplateId", + "in": "path", + "description": "Alert rule template ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "operationId": "AlertRules_List", + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "operationId": "AlertRules_Get", + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + }, + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get an Nrt alert rule.": { + "$ref": "./examples/alertRules/GetNrtAlertRule.json" + } + } + }, + "put": { + "operationId": "AlertRules_CreateOrUpdate", + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "alertRule", + "in": "body", + "description": "The alert rule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + } + } + ], + "responses": { + "200": { + "description": "Resource 'AlertRule' update operation succeeded", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Resource 'AlertRule' create operation succeeded", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a Fusion alert rule with scenario exclusion pattern.": { + "$ref": "./examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + }, + "Creates or updates a Nrt alert rule.": { + "$ref": "./examples/alertRules/CreateNrtAlertRule.json" + }, + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + } + } + }, + "delete": { + "operationId": "AlertRules_Delete", + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "operationId": "Actions_ListByAlertRule", + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "operationId": "Actions_Get", + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + } + }, + "put": { + "operationId": "Actions_CreateOrUpdate", + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + }, + { + "name": "action", + "in": "body", + "description": "The action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ActionResponse' update operation succeeded", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Resource 'ActionResponse' create operation succeeded", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + } + }, + "delete": { + "operationId": "Actions_Delete", + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun": { + "post": { + "operationId": "alertRule_TriggerRuleRun", + "tags": [ + "trigger analytics rule run" + ], + "description": "triggers analytics rule run", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "analyticsRuleRunTriggerParameter", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/AnalyticsRuleRunTrigger" + } + } + ], + "responses": { + "202": { + "description": "Resource operation accepted.", + "headers": { + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "triggerRuleRun_Post": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "location", + "final-state-schema": "#/definitions/AlertRule" + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "operationId": "AutomationRules_List", + "tags": [ + "automationRules" + ], + "description": "Gets all automation rules.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_List": { + "$ref": "./examples/automationRules/AutomationRules_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "operationId": "AutomationRules_Get", + "tags": [ + "automationRules" + ], + "description": "Gets the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "Automation rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Get": { + "$ref": "./examples/automationRules/AutomationRules_Get.json" + } + } + }, + "put": { + "operationId": "AutomationRules_CreateOrUpdate", + "tags": [ + "automationRules" + ], + "description": "Creates or updates the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "The automation rule ID.", + "required": true, + "type": "string" + }, + { + "name": "automationRuleToUpsert", + "in": "body", + "description": "The automation rule", + "required": false, + "schema": { + "$ref": "#/definitions/AutomationRule" + } + } + ], + "responses": { + "200": { + "description": "Resource 'AutomationRule' update operation succeeded", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Resource 'AutomationRule' create operation succeeded", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "AutomationRules_Delete", + "tags": [ + "automationRules" + ], + "description": "Delete the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "Automation rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": {} + }, + "204": { + "description": "There is no content to send for this request, but the headers may be useful. ", + "schema": {} + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/automationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics": { + "get": { + "operationId": "BillingStatistics_List", + "tags": [ + "billingStatistics" + ], + "description": "Gets all Microsoft Sentinel billing statistics.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/BillingStatisticList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all Microsoft Sentinel billing statistics.": { + "$ref": "./examples/billingStatistics/GetAllBillingStatistics.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}": { + "get": { + "operationId": "BillingStatistics_Get", + "tags": [ + "billingStatistics" + ], + "description": "Gets a billing statistic", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "billingStatisticName", + "in": "path", + "description": "The name of the billing statistic", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/BillingStatistic" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a billing statistic.": { + "$ref": "./examples/billingStatistics/GetBillingStatistic.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "operationId": "Bookmarks_List", + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "operationId": "Bookmarks_Get", + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + } + }, + "put": { + "operationId": "Bookmarks_CreateOrUpdate", + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "bookmark", + "in": "body", + "description": "The bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Bookmark' update operation succeeded", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Resource 'Bookmark' create operation succeeded", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + } + }, + "delete": { + "operationId": "Bookmarks_Delete", + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand": { + "post": { + "operationId": "Bookmark_Expand", + "tags": [ + "Bookmark" + ], + "description": "Expand an bookmark", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "parameters", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/BookmarkExpandParameters" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/BookmarkExpandResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Expand an bookmark": { + "$ref": "./examples/bookmarks/expand/PostExpandBookmark.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations": { + "get": { + "operationId": "BookmarkRelations_List", + "tags": [ + "BookmarkRelations" + ], + "description": "Gets all bookmark relations.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all bookmark relations.": { + "$ref": "./examples/bookmarks/relations/GetAllBookmarkRelations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}": { + "get": { + "operationId": "BookmarkRelations_Get", + "tags": [ + "BookmarkRelations" + ], + "description": "Gets a bookmark relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/GetBookmarkRelationByName.json" + } + } + }, + "put": { + "operationId": "BookmarkRelations_CreateOrUpdate", + "tags": [ + "BookmarkRelations" + ], + "description": "Creates the bookmark relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + }, + { + "name": "relation", + "in": "body", + "description": "Resource create parameters.", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Relation' update operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Resource 'Relation' create operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/CreateBookmarkRelation.json" + } + } + }, + "delete": { + "operationId": "BookmarkRelations_Delete", + "tags": [ + "BookmarkRelations" + ], + "description": "Delete the bookmark relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete the bookmark relation.": { + "$ref": "./examples/bookmarks/relations/DeleteBookmarkRelation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { + "get": { + "operationId": "ContentPackages_List", + "tags": [ + "ContentPackages" + ], + "description": "Gets all installed packages.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetPackages.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { + "get": { + "operationId": "ContentPackages_Get", + "tags": [ + "ContentPackages" + ], + "description": "Gets an installed packages by its id.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get installed packages by id.": { + "$ref": "./examples/contentPackages/GetPackageById.json" + } + } + }, + "put": { + "operationId": "ContentPackage_Install", + "tags": [ + "ContentPackages" + ], + "description": "Install a package to the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + }, + { + "name": "packageInstallationProperties", + "in": "body", + "description": "Package installation properties", + "required": true, + "schema": { + "$ref": "#/definitions/packageModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PackageModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "201": { + "description": "Resource 'PackageModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Install a package to the workspace.": { + "$ref": "./examples/contentPackages/InstallPackage.json" + } + } + }, + "delete": { + "operationId": "ContentPackage_Uninstall", + "tags": [ + "ContentPackages" + ], + "description": "Uninstall a package from the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Uninstall a package from the workspace.": { + "$ref": "./examples/contentPackages/UninstallPackage.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { + "get": { + "operationId": "ProductPackages_List", + "tags": [ + "ContentProductPackages" + ], + "description": "Gets all packages from the catalog.\nExpandable properties:\n- properties/installed\n- properties/packagedContent", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productPackageList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetProductPackages.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { + "get": { + "operationId": "ProductPackage_Get", + "tags": [ + "ContentProductPackages" + ], + "description": "Gets a package by its identifier from the catalog.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productPackageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a package.": { + "$ref": "./examples/contentPackages/GetProductPackageById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { + "get": { + "operationId": "ProductTemplates_List", + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets all templates in the catalog.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productTemplateList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetProductTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { + "get": { + "operationId": "ContentTemplates_List", + "tags": [ + "ContentTemplates" + ], + "description": "Gets all installed templates.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Expands the object with optional fiends that are not included by default. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { + "get": { + "operationId": "ContentTemplate_Get", + "tags": [ + "ContentTemplates" + ], + "description": "Gets a template byt its identifier.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetTemplateById.json" + } + } + }, + "put": { + "operationId": "ContentTemplate_Install", + "tags": [ + "ContentTemplates" + ], + "description": "Install a template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + }, + { + "name": "templateInstallationProperties", + "in": "body", + "description": "Template installation properties", + "required": true, + "schema": { + "$ref": "#/definitions/templateModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'TemplateModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "201": { + "description": "Resource 'TemplateModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/InstallTemplate.json" + } + } + }, + "delete": { + "operationId": "ContentTemplate_Delete", + "tags": [ + "ContentTemplates" + ], + "description": "Delete an installed template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/contentTemplates/DeleteTemplate.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { + "get": { + "operationId": "ProductTemplate_Get", + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets a template by its identifier.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetProductTemplateById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { + "get": { + "operationId": "DataConnectorDefinitions_List", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets all data connector definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all data connector definitions.": { + "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { + "get": { + "operationId": "DataConnectorDefinitions_Get", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets a data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get customize data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json" + } + } + }, + "put": { + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Creates or updates the data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + }, + { + "name": "connectorDefinitionInput", + "in": "body", + "description": "The data connector definition", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'DataConnectorDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "201": { + "description": "Resource 'DataConnectorDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" + } + } + }, + "delete": { + "operationId": "DataConnectorDefinitions_Delete", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Delete the data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "operationId": "DataConnectors_List", + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "operationId": "DataConnectors_Get", + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a APIPolling data connector": { + "$ref": "./examples/dataConnectors/GetAPIPolling.json" + }, + "Get a ASC data connector": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a GCP data connector": { + "$ref": "./examples/dataConnectors/GetGoogleCloudPlatformById.json" + }, + "Get a GenericUI data connector": { + "$ref": "./examples/dataConnectors/GetGenericUI.json" + }, + "Get a IoT data connector": { + "$ref": "./examples/dataConnectors/GetIoTById.json" + }, + "Get a MCAS data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get a MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json" + }, + "Get a PurviewAudit data connector": { + "$ref": "./examples/dataConnectors/GetPurviewAuditDataConnectorById.json" + }, + "Get a RestApiPoller data connector": { + "$ref": "./examples/dataConnectors/GetRestApiPollerById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a TI data connector": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get an AADIP (Azure Active Directory Identity Protection) data connector": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AATP data connector": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get an Aws S3 data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesS3ById.json" + }, + "Get an AwsCloudTrail data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get an Office IRM data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json" + }, + "Get an Office365 PowerBI data connector": { + "$ref": "./examples/dataConnectors/GetOfficePowerBIDataConnetorById.json" + }, + "Get an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/GetOffice365ProjectDataConnetorById.json" + }, + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + } + } + }, + "put": { + "operationId": "DataConnectors_CreateOrUpdate", + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + }, + { + "name": "dataConnector", + "in": "body", + "description": "The data connector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + } + } + ], + "responses": { + "200": { + "description": "Resource 'DataConnector' update operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Resource 'DataConnector' create operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a APIPolling data connector": { + "$ref": "./examples/dataConnectors/CreateAPIPolling.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + }, + "Creates or updates a GCP data connector": { + "$ref": "./examples/dataConnectors/CreateGoogleCloudPlatform.json" + }, + "Creates or updates a GenericUI data connector": { + "$ref": "./examples/dataConnectors/CreateGenericUI.json" + }, + "Creates or updates a Microsoft Threat Intelligence data connector.": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" + }, + "Creates or updates a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json" + }, + "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { + "$ref": "./examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" + }, + "Creates or updates a PurviewAudit data connector": { + "$ref": "./examples/dataConnectors/CreatePurviewAuditDataConnector.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Creates or updates an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/CreateOfficePowerBIDataConnector.json" + }, + "Creates or updates an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/CreateOffice365ProjectDataConnetor.json" + }, + "Creates or updates an Office365 data connector": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Threat Intelligence Platform data connector": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + } + } + }, + "delete": { + "operationId": "DataConnectors_Delete", + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a APIPolling data connector": { + "$ref": "./examples/dataConnectors/DeleteAPIPolling.json" + }, + "Delete a GCP data connector": { + "$ref": "./examples/dataConnectors/DeleteGoogleCloudPlatform.json" + }, + "Delete a GenericUI data connector": { + "$ref": "./examples/dataConnectors/DeleteGenericUI.json" + }, + "Delete a PurviewAudit data connector": { + "$ref": "./examples/dataConnectors/DeletePurviewAuditDataConnector.json" + }, + "Delete an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Delete an MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" + }, + "Delete an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json" + }, + "Delete an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json" + }, + "Delete an Office365 data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { + "$ref": "./examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect": { + "post": { + "operationId": "DataConnectors_Connect", + "tags": [ + "Data Connectors Connect" + ], + "description": "Connects a data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + }, + { + "name": "connectBody", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorConnectBody" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Connect an APIPolling V2 logs data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPollingV2Logs.json" + }, + "Connect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPolling.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect": { + "post": { + "operationId": "DataConnectors_Disconnect", + "tags": [ + "Data Connectors Disconnect" + ], + "description": "Disconnect a data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "The request has succeeded." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Disconnect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/DisconnectAPIPolling.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements": { + "post": { + "operationId": "DataConnectorsCheckRequirements_Post", + "tags": [ + "Check Data Connector Requirements" + ], + "description": "Get requirements state for a data connector type.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "DataConnectorsCheckRequirements", + "in": "body", + "description": "The parameters for requirements check message", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorRequirementsState" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection).": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json" + }, + "Check requirements for ASC.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json" + }, + "Check requirements for Dynamics365.": { + "$ref": "./examples/dataConnectors/CheckRequirementsDynamics365.json" + }, + "Check requirements for IoT.": { + "$ref": "./examples/dataConnectors/CheckRequirementsIoT.json" + }, + "Check requirements for Mcas.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json" + }, + "Check requirements for Mdatp.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMdatp.json" + }, + "Check requirements for MicrosoftPurviewInformationProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json" + }, + "Check requirements for MicrosoftThreatIntelligence.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json" + }, + "Check requirements for MicrosoftThreatProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json" + }, + "Check requirements for Office365Project.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOffice365Project.json" + }, + "Check requirements for OfficeATP.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeATP.json" + }, + "Check requirements for OfficeIRM.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeIRM.json" + }, + "Check requirements for OfficePowerBI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficePowerBI.json" + }, + "Check requirements for PurviewAudit.": { + "$ref": "./examples/dataConnectors/CheckRequirementsPurviewAudit.json" + }, + "Check requirements for TI Taxii.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json" + }, + "Check requirements for TI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listGeodataByIp": { + "post": { + "operationId": "ListGeodataByIp", + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "enrichmentType", + "in": "path", + "description": "Enrichment type", + "required": true, + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "EnrichmentType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + { + "name": "ipAddressBody", + "in": "body", + "description": "IP address (v4 or v6) to be enriched", + "required": true, + "schema": { + "$ref": "#/definitions/EnrichmentIpAddressBody" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataWithWorkspaceByIp.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listWhoisByDomain": { + "post": { + "operationId": "ListWhoisByDomain", + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "enrichmentType", + "in": "path", + "description": "Enrichment type", + "required": true, + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "EnrichmentType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + { + "name": "domainBody", + "in": "body", + "description": "Domain name to be enriched. Only domain name is accepted", + "required": true, + "schema": { + "$ref": "#/definitions/EnrichmentDomainBody" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisWithWorkspaceByDomainName.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities": { + "get": { + "operationId": "Entities_List", + "tags": [ + "Entities" + ], + "description": "Gets all entities.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all entities.": { + "$ref": "./examples/entities/GetEntities.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}": { + "get": { + "operationId": "Entities_Get", + "tags": [ + "Entities" + ], + "description": "Gets an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Entity" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a cloud application entity.": { + "$ref": "./examples/entities/GetCloudApplicationEntityById.json" + }, + "Get a dns entity.": { + "$ref": "./examples/entities/GetDnsEntityById.json" + }, + "Get a file entity.": { + "$ref": "./examples/entities/GetFileEntityById.json" + }, + "Get a file hash entity.": { + "$ref": "./examples/entities/GetFileHashEntityById.json" + }, + "Get a host entity.": { + "$ref": "./examples/entities/GetHostEntityById.json" + }, + "Get a mailCluster entity.": { + "$ref": "./examples/entities/GetMailClusterEntityById.json" + }, + "Get a mailMessage entity.": { + "$ref": "./examples/entities/GetMailMessageEntityById.json" + }, + "Get a mailbox entity.": { + "$ref": "./examples/entities/GetMailboxEntityById.json" + }, + "Get a malware entity.": { + "$ref": "./examples/entities/GetMalwareEntityById.json" + }, + "Get a process entity.": { + "$ref": "./examples/entities/GetProcessEntityById.json" + }, + "Get a registry key entity.": { + "$ref": "./examples/entities/GetRegistryKeyEntityById.json" + }, + "Get a registry value entity.": { + "$ref": "./examples/entities/GetRegistryValueEntityById.json" + }, + "Get a security alert entity.": { + "$ref": "./examples/entities/GetSecurityAlertEntityById.json" + }, + "Get a security group entity.": { + "$ref": "./examples/entities/GetSecurityGroupEntityById.json" + }, + "Get a submissionMail entity.": { + "$ref": "./examples/entities/GetSubmissionMailEntityById.json" + }, + "Get a url entity.": { + "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" + }, + "Get an account entity.": { + "$ref": "./examples/entities/GetAccountEntityById.json" + }, + "Get an azure resource entity.": { + "$ref": "./examples/entities/GetAzureResourceEntityById.json" + }, + "Get an ip entity.": { + "$ref": "./examples/entities/GetIpEntityById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand": { + "post": { + "operationId": "Entities_Expand", + "tags": [ + "Entities" + ], + "description": "Expands an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "parameters", + "in": "body", + "description": "The parameters required to execute an expand operation on the given entity.", + "required": true, + "schema": { + "$ref": "#/definitions/EntityExpandParameters" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityExpandResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Expand an entity": { + "$ref": "./examples/entities/expand/PostExpandEntity.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights": { + "post": { + "operationId": "Entities_GetInsights", + "tags": [ + "Entities" + ], + "description": "Execute Insights for an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "parameters", + "in": "body", + "description": "The parameters required to execute insights on the given entity.", + "required": true, + "schema": { + "$ref": "#/definitions/EntityGetInsightsParameters" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityGetInsightsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entity Insight": { + "$ref": "./examples/entities/insights/PostGetInsights.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline": { + "post": { + "operationId": "EntitiesGetTimeline_list", + "tags": [ + "Entities" + ], + "description": "Timeline for an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "parameters", + "in": "body", + "description": "The parameters required to execute an timeline operation on the given entity.", + "required": true, + "schema": { + "$ref": "#/definitions/EntityTimelineParameters" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityTimelineResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entity timeline": { + "$ref": "./examples/entities/timeline/PostTimelineEntity.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries": { + "get": { + "operationId": "Entities_Queries", + "tags": [ + "Entities" + ], + "description": "Get Insights and Activities for an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "kind", + "in": "query", + "description": "The Kind parameter for queries", + "required": true, + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "name": "EntityItemQueryKind", + "modelAsString": true, + "values": [ + { + "name": "Insight", + "value": "Insight", + "description": "insight" + } + ] + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/GetQueriesResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get Entity Query": { + "$ref": "./examples/entities/GetQueries.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations": { + "get": { + "operationId": "EntitiesRelations_List", + "tags": [ + "EntityRelations" + ], + "description": "Gets all relations of an entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all relations of an entity.": { + "$ref": "./examples/entities/relations/GetAllEntityRelations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}": { + "get": { + "operationId": "EntityRelations_GetRelation", + "tags": [ + "EntityRelations" + ], + "description": "Gets an entity relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityId", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an entity relation.": { + "$ref": "./examples/entities/relations/GetEntityRelationByName.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { + "post": { + "operationId": "Entities_RunPlaybook", + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityIdentifier", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "requestBody", + "in": "body", + "description": "Describes the request body for triggering a playbook on an entity.", + "required": false, + "schema": { + "$ref": "#/definitions/EntityManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "There is no content to send for this request, but the headers may be useful." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entities_RunPlaybook": { + "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "operationId": "EntityQueries_List", + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "kind", + "in": "query", + "description": "The entity query kind we want to fetch", + "required": false, + "type": "string", + "enum": [ + "Activity", + "Insight", + "SecurityAlert", + "Bookmark", + "Expansion", + "GuidedInsight", + "Anomaly" + ], + "x-ms-enum": { + "name": "EntityQueryTemplateKind", + "modelAsString": true, + "values": [ + { + "name": "Activity", + "value": "Activity", + "description": "Activity" + }, + { + "name": "Insight", + "value": "Insight", + "description": "Insight" + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "SecurityAlert" + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "Bookmark" + }, + { + "name": "Expansion", + "value": "Expansion", + "description": "Expansion" + }, + { + "name": "GuidedInsight", + "value": "GuidedInsight", + "description": "GuidedInsight" + }, + { + "name": "Anomaly", + "value": "Anomaly", + "description": "Anomaly" + } + ] + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "operationId": "EntityQueries_Get", + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityQueryId", + "in": "path", + "description": "entity query ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an Activity entity query.": { + "$ref": "./examples/entityQueries/GetActivityEntityQueryById.json" + }, + "Get an Expansion entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + } + } + }, + "put": { + "operationId": "EntityQueries_CreateOrUpdate", + "tags": [ + "EntityQueries" + ], + "description": "Creates or updates the entity query.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityQueryId", + "in": "path", + "description": "entity query ID", + "required": true, + "type": "string" + }, + { + "name": "entityQuery", + "in": "body", + "description": "The entity query we want to create or update", + "required": true, + "schema": { + "$ref": "#/definitions/CustomEntityQuery" + } + } + ], + "responses": { + "200": { + "description": "Resource 'EntityQuery' update operation succeeded", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "201": { + "description": "Resource 'EntityQuery' create operation succeeded", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an Activity entity query.": { + "$ref": "./examples/entityQueries/CreateEntityQueryActivity.json" + } + } + }, + "delete": { + "operationId": "EntityQueries_Delete", + "tags": [ + "EntityQueries" + ], + "description": "Delete the entity query.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityQueryId", + "in": "path", + "description": "entity query ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an entity query.": { + "$ref": "./examples/entityQueries/DeleteEntityQuery.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates": { + "get": { + "operationId": "EntityQueryTemplates_List", + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity query templates.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "kind", + "in": "query", + "description": "The entity template query kind we want to fetch", + "required": false, + "type": "string", + "enum": [ + "Activity", + "Insight", + "SecurityAlert", + "Bookmark", + "Expansion", + "GuidedInsight", + "Anomaly" + ], + "x-ms-enum": { + "name": "EntityQueryTemplateKind", + "modelAsString": true, + "values": [ + { + "name": "Activity", + "value": "Activity", + "description": "Activity" + }, + { + "name": "Insight", + "value": "Insight", + "description": "Insight" + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "SecurityAlert" + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "Bookmark" + }, + { + "name": "Expansion", + "value": "Expansion", + "description": "Expansion" + }, + { + "name": "GuidedInsight", + "value": "GuidedInsight", + "description": "GuidedInsight" + }, + { + "name": "Anomaly", + "value": "Anomaly", + "description": "Anomaly" + } + ] + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityQueryTemplateList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all entity query templates.": { + "$ref": "./examples/entityQueryTemplates/GetEntityQueryTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}": { + "get": { + "operationId": "EntityQueryTemplates_Get", + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityQueryTemplateId", + "in": "path", + "description": "entity query template ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/EntityQueryTemplate" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an Activity entity query template.": { + "$ref": "./examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports": { + "get": { + "operationId": "FileImports_List", + "tags": [ + "FileImports" + ], + "description": "Gets all file imports.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/FileImportList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all file imports.": { + "$ref": "./examples/fileImports/GetFileImports.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}": { + "get": { + "operationId": "FileImports_Get", + "tags": [ + "FileImports" + ], + "description": "Gets a file import.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "fileImportId", + "in": "path", + "description": "File import ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a file import.": { + "$ref": "./examples/fileImports/GetFileImportById.json" + } + } + }, + "put": { + "operationId": "FileImports_Create", + "tags": [ + "FileImports" + ], + "description": "Creates the file import.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "fileImportId", + "in": "path", + "description": "File import ID", + "required": true, + "type": "string" + }, + { + "name": "fileImport", + "in": "body", + "description": "The file import", + "required": true, + "schema": { + "$ref": "#/definitions/FileImport" + } + } + ], + "responses": { + "200": { + "description": "Resource 'FileImport' update operation succeeded", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "201": { + "description": "Resource 'FileImport' create operation succeeded", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create a file import.": { + "$ref": "./examples/fileImports/CreateFileImport.json" + } + } + }, + "delete": { + "operationId": "FileImports_Delete", + "tags": [ + "FileImports" + ], + "description": "Delete the file import.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "fileImportId", + "in": "path", + "description": "File import ID", + "required": true, + "type": "string" + } + ], + "responses": { + "202": { + "description": "The request has been accepted for processing, but processing has not yet completed.", + "schema": { + "$ref": "#/definitions/FileImport" + }, + "headers": { + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + } + } + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a file import.": { + "$ref": "./examples/fileImports/DeleteFileImport.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "location", + "final-state-schema": "#/definitions/FileImport" + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts": { + "get": { + "operationId": "Hunts_List", + "tags": [ + "Hunts" + ], + "description": "Gets all hunts, without relations and comments.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/HuntList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all hunts.": { + "$ref": "./examples/hunts/GetHunts.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}": { + "get": { + "operationId": "Hunts_Get", + "tags": [ + "Hunts" + ], + "description": "Gets a hunt, without relations and comments.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a hunt.": { + "$ref": "./examples/hunts/GetHuntById.json" + } + } + }, + "put": { + "operationId": "Hunts_CreateOrUpdate", + "tags": [ + "Hunts" + ], + "description": "Create or update a hunt", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "hunt", + "in": "body", + "description": "The hunt", + "required": true, + "schema": { + "$ref": "#/definitions/Hunt" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Hunt' update operation succeeded", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "201": { + "description": "Resource 'Hunt' create operation succeeded", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a hunt.": { + "$ref": "./examples/hunts/CreateHunt.json" + } + } + }, + "delete": { + "operationId": "Hunts_Delete", + "tags": [ + "Hunts" + ], + "description": "Delete a hunt.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a hunt.": { + "$ref": "./examples/hunts/DeleteHunt.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments": { + "get": { + "operationId": "HuntComments_List", + "tags": [ + "HuntComments" + ], + "description": "Gets all hunt comments", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/HuntCommentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all hunt comments.": { + "$ref": "./examples/hunts/GetHuntComments.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}": { + "get": { + "operationId": "HuntComments_Get", + "tags": [ + "HuntComments" + ], + "description": "Gets a hunt comment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntCommentId", + "in": "path", + "description": "The hunt comment id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a hunt comment.": { + "$ref": "./examples/hunts/GetHuntCommentById.json" + } + } + }, + "put": { + "operationId": "HuntComments_CreateOrUpdate", + "tags": [ + "HuntComments" + ], + "description": "Creates or updates a hunt relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntCommentId", + "in": "path", + "description": "The hunt comment id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntComment", + "in": "body", + "description": "The hunt comment", + "required": true, + "schema": { + "$ref": "#/definitions/HuntComment" + } + } + ], + "responses": { + "200": { + "description": "Resource 'HuntComment' update operation succeeded", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "201": { + "description": "Resource 'HuntComment' create operation succeeded", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a hunt comment.": { + "$ref": "./examples/hunts/CreateHuntComment.json" + } + } + }, + "delete": { + "operationId": "HuntComments_Delete", + "tags": [ + "HuntComments" + ], + "description": "Delete a hunt comment.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntCommentId", + "in": "path", + "description": "The hunt comment id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a hunt comment.": { + "$ref": "./examples/hunts/DeleteHuntComment.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations": { + "get": { + "operationId": "HuntRelations_List", + "tags": [ + "HuntRelations" + ], + "description": "Gets all hunt relations", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/HuntRelationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all hunt relations.": { + "$ref": "./examples/hunts/GetHuntRelations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}": { + "get": { + "operationId": "HuntRelations_Get", + "tags": [ + "HuntRelations" + ], + "description": "Gets a hunt relation", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntRelationId", + "in": "path", + "description": "The hunt relation id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a hunt relation.": { + "$ref": "./examples/hunts/GetHuntRelationById.json" + } + } + }, + "put": { + "operationId": "HuntRelations_CreateOrUpdate", + "tags": [ + "HuntRelations" + ], + "description": "Creates or updates a hunt relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntRelationId", + "in": "path", + "description": "The hunt relation id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntRelation", + "in": "body", + "description": "The hunt relation", + "required": true, + "schema": { + "$ref": "#/definitions/HuntRelation" + } + } + ], + "responses": { + "200": { + "description": "Resource 'HuntRelation' update operation succeeded", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "201": { + "description": "Resource 'HuntRelation' create operation succeeded", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a hunt relation.": { + "$ref": "./examples/hunts/CreateHuntRelation.json" + } + } + }, + "delete": { + "operationId": "HuntRelations_Delete", + "tags": [ + "HuntRelations" + ], + "description": "Delete a hunt relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "huntId", + "in": "path", + "description": "The hunt id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "huntRelationId", + "in": "path", + "description": "The hunt relation id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a hunt relation.": { + "$ref": "./examples/hunts/DeleteHuntRelation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "operationId": "Incidents_List", + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32", + "maximum": 1000 + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_List": { + "$ref": "./examples/incidents/Incidents_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "operationId": "Incidents_Get", + "tags": [ + "Incidents" + ], + "description": "Gets a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Get": { + "$ref": "./examples/incidents/Incidents_Get.json" + } + } + }, + "put": { + "operationId": "Incidents_CreateOrUpdate", + "tags": [ + "Incidents" + ], + "description": "Creates or updates an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incident", + "in": "body", + "description": "The incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Incident' update operation succeeded", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Resource 'Incident' create operation succeeded", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateOrUpdate": { + "$ref": "./examples/incidents/Incidents_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "Incidents_Delete", + "tags": [ + "Incidents" + ], + "description": "Deletes a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Delete": { + "$ref": "./examples/incidents/Incidents_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "operationId": "Incidents_ListAlerts", + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all alerts for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListAlerts": { + "$ref": "./examples/incidents/IncidentAlerts/Incidents_ListAlerts.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "operationId": "Incidents_ListBookmarks", + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all bookmarks for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListBookmarks": { + "$ref": "./examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "operationId": "IncidentComments_List", + "tags": [ + "IncidentComments" + ], + "description": "Gets all comments for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_List": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "operationId": "IncidentComments_Get", + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Get": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Get.json" + } + } + }, + "put": { + "operationId": "IncidentComments_CreateOrUpdate", + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates a comment for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + }, + { + "name": "incidentComment", + "in": "body", + "description": "The incident comment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + } + } + ], + "responses": { + "200": { + "description": "Resource 'IncidentComment' update operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Resource 'IncidentComment' create operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "IncidentComments_Delete", + "tags": [ + "IncidentComments" + ], + "description": "Deletes a comment for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Delete": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "operationId": "Incidents_ListEntities", + "tags": [ + "IncidentEntities" + ], + "description": "Gets all entities for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListEntities": { + "$ref": "./examples/incidents/IncidentEntities/Incidents_ListEntities.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "operationId": "IncidentRelations_List", + "tags": [ + "IncidentRelations" + ], + "description": "Gets all relations for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "operationId": "IncidentRelations_Get", + "tags": [ + "IncidentRelations" + ], + "description": "Gets a relation for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + } + }, + "put": { + "operationId": "IncidentRelations_CreateOrUpdate", + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + }, + { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Relation' update operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Resource 'Relation' create operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a relation for a given incident.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + } + }, + "delete": { + "operationId": "IncidentRelations_Delete", + "tags": [ + "IncidentRelations" + ], + "description": "Deletes a relation for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "operationId": "Incidents_RunPlaybook", + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific incident", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentIdentifier", + "in": "path", + "description": "The incident identifier.", + "required": true, + "type": "string" + }, + { + "name": "requestBody", + "in": "body", + "description": "Describes the request body for triggering a playbook on an incident.", + "required": false, + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "Azure operation completed successfully.", + "schema": {} + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_RunPlaybook": { + "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": { + "get": { + "operationId": "IncidentTasks_List", + "tags": [ + "IncidentTasks" + ], + "description": "Gets all incident tasks.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentTaskList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_List": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": { + "get": { + "operationId": "IncidentTasks_Get", + "tags": [ + "IncidentTasks" + ], + "description": "Gets an incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Get": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Get.json" + } + } + }, + "put": { + "operationId": "IncidentTasks_CreateOrUpdate", + "tags": [ + "IncidentTasks" + ], + "description": "Creates or updates the incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTask", + "in": "body", + "description": "The incident task", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentTask" + } + } + ], + "responses": { + "200": { + "description": "Resource 'IncidentTask' update operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "201": { + "description": "Resource 'IncidentTask' create operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "IncidentTasks_Delete", + "tags": [ + "IncidentTasks" + ], + "description": "Delete the incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Delete": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "operationId": "SourceControl_listRepositories", + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "repositoryAccess", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/RepositoryAccessProperties" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "operationId": "Metadata_List", + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + }, + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "operationId": "Metadata_Get", + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + } + }, + "put": { + "operationId": "Metadata_Create", + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + }, + { + "name": "metadata", + "in": "body", + "description": "Metadata resource.", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'MetadataModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Resource 'MetadataModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + } + }, + "patch": { + "operationId": "Metadata_Update", + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + }, + { + "name": "metadataPatch", + "in": "body", + "description": "Partial metadata request.", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + } + }, + "delete": { + "operationId": "Metadata_Delete", + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents": { + "get": { + "operationId": "OfficeConsents_List", + "tags": [ + "Office Consents" + ], + "description": "Gets all office365 consents.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/OfficeConsentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all office consents.": { + "$ref": "./examples/officeConsents/GetOfficeConsents.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}": { + "get": { + "operationId": "OfficeConsents_Get", + "tags": [ + "Office Consents" + ], + "description": "Gets an office365 consent.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "consentId", + "in": "path", + "description": "consent ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/OfficeConsent" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an office consent.": { + "$ref": "./examples/officeConsents/GetOfficeConsentsById.json" + } + } + }, + "delete": { + "operationId": "OfficeConsents_Delete", + "tags": [ + "Office Consents" + ], + "description": "Delete the office365 consent.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "consentId", + "in": "path", + "description": "consent ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an office consent.": { + "$ref": "./examples/officeConsents/DeleteOfficeConsents.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "operationId": "SentinelOnboardingStates_List", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "operationId": "SentinelOnboardingStates_Get", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + } + }, + "put": { + "operationId": "SentinelOnboardingStates_Create", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + }, + { + "name": "sentinelOnboardingStateParameter", + "in": "body", + "description": "The Sentinel onboarding state parameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SentinelOnboardingState' update operation succeeded", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Resource 'SentinelOnboardingState' create operation succeeded", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + } + }, + "delete": { + "operationId": "SentinelOnboardingStates_Delete", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations": { + "get": { + "operationId": "GetRecommendations_List", + "tags": [ + "recommendations" + ], + "description": "Gets a list of all recommendations.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/RecommendationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get Recommendations list.": { + "$ref": "./examples/recommendations/GetRecommendations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}": { + "get": { + "operationId": "Get_SingleRecommendation", + "tags": [ + "recommendations" + ], + "description": "Gets a recommendation by its id.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "recommendationId", + "in": "path", + "description": "Recommendation Id.", + "required": true, + "type": "string", + "format": "uuid" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a recommendation.": { + "$ref": "./examples/recommendations/GetRecommendation.json" + } + } + }, + "patch": { + "operationId": "Update_Recommendation", + "tags": [ + "recommendations" + ], + "description": "Patch a recommendation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "recommendationId", + "in": "path", + "description": "Recommendation Id.", + "required": true, + "type": "string", + "format": "uuid" + }, + { + "name": "recommendationPatch", + "in": "body", + "description": "Recommendation Fields to Update.", + "required": true, + "schema": { + "$ref": "#/definitions/RecommendationPatch" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates a recommendation.": { + "$ref": "./examples/recommendations/PatchRecommendation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}/triggerEvaluation": { + "post": { + "operationId": "Reevaluate_Recommendation", + "tags": [ + "recommendations" + ], + "description": "Reevaluate a recommendation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "recommendationId", + "in": "path", + "description": "Recommendation Id.", + "required": true, + "type": "string", + "format": "uuid" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ReevaluateResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Reevaluate a recommendation.": { + "$ref": "./examples/recommendations/ReevaluateRecommendation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { + "get": { + "operationId": "SecurityMLAnalyticsSettings_List", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets all Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { + "get": { + "operationId": "SecurityMLAnalyticsSettings_Get", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" + } + } + }, + "put": { + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Creates or updates the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + }, + { + "name": "securityMLAnalyticsSetting", + "in": "body", + "description": "The security ML Analytics setting", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SecurityMLAnalyticsSetting' update operation succeeded", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "201": { + "description": "Resource 'SecurityMLAnalyticsSetting' create operation succeeded", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" + } + } + }, + "delete": { + "operationId": "SecurityMLAnalyticsSettings_Delete", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Delete the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "operationId": "ProductSettings_List", + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "operationId": "ProductSettings_Get", + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsName", + "in": "path", + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z][a-zA-Z0-9]*$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + } + }, + "put": { + "operationId": "ProductSettings_Update", + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsName", + "in": "path", + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z][a-zA-Z0-9]*$" + }, + { + "name": "settings", + "in": "body", + "description": "The setting", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Settings' update operation succeeded", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "201": { + "description": "Resource 'Settings' create operation succeeded", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + } + }, + "delete": { + "operationId": "ProductSettings_Delete", + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsName", + "in": "path", + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "required": true, + "type": "string", + "pattern": "^[a-zA-Z][a-zA-Z0-9]*$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "operationId": "SourceControls_List", + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "operationId": "SourceControls_Get", + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + } + }, + "put": { + "operationId": "SourceControls_Create", + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + }, + { + "name": "sourceControl", + "in": "body", + "description": "The SourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SourceControl' update operation succeeded", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Resource 'SourceControl' create operation succeeded", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { + "post": { + "operationId": "SourceControls_Delete", + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + }, + { + "name": "repositoryAccess", + "in": "body", + "description": "The repository access credentials.", + "required": true, + "schema": { + "$ref": "#/definitions/RepositoryAccessProperties" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Warning" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/{tiType}/count": { + "post": { + "operationId": "ThreatIntelligence_Count", + "tags": [ + "ThreatIntelligence" + ], + "description": "Gets the count of all TI objects for the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "tiType", + "in": "path", + "description": "TI type", + "required": true, + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "TiType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + { + "name": "query", + "in": "body", + "description": "The query to run on the TI objects in the workspace.", + "required": false, + "schema": { + "$ref": "#/definitions/CountQuery" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceCount" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get TI object count": { + "$ref": "./examples/threatintelligence/PostThreatIntelligenceCount.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/{tiType}/query": { + "post": { + "operationId": "ThreatIntelligence_Query", + "tags": [ + "ThreatIntelligence" + ], + "description": "Gets all TI objects for the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "tiType", + "in": "path", + "description": "TI type", + "required": true, + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "TiType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + { + "name": "query", + "in": "body", + "description": "The query to run on the TI objects in the workspace.", + "required": false, + "schema": { + "$ref": "#/definitions/Query" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get TI objects": { + "$ref": "./examples/threatintelligence/PostThreatIntelligenceQuery.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ThreatIntelligenceProperties", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ThreatIntelligenceInformation' update operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Resource 'ThreatIntelligenceInformation' create operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "operationId": "ThreatIntelligenceIndicators_List", + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "operationId": "ThreatIntelligenceIndicator_Get", + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + } + }, + "put": { + "operationId": "ThreatIntelligenceIndicator_Create", + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceProperties", + "in": "body", + "description": "Properties of threat intelligence indicators to create and update.", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ThreatIntelligenceInformation' update operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Resource 'ThreatIntelligenceInformation' create operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + } + }, + "delete": { + "operationId": "ThreatIntelligenceIndicator_Delete", + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceAppendTags", + "in": "body", + "description": "The threat intelligence append tags request body", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceReplaceTags", + "in": "body", + "description": "Tags in the threat intelligence indicator to be replaced.", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ThreatIntelligenceFilteringCriteria", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns": { + "get": { + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "tags": [ + "triggered analytics rule runs" + ], + "description": "Gets the triggered analytics rule runs.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRuns" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRuns_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { + "get": { + "operationId": "triggeredAnalyticsRuleRun_Get", + "tags": [ + "triggered analytics rule run" + ], + "description": "Gets the triggered analytics rule run.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleRunId", + "in": "path", + "description": "the triggered rule id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRun_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "operationId": "Watchlists_List", + "tags": [ + "Watchlists" + ], + "description": "Get all watchlists, without watchlist items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "operationId": "Watchlists_Get", + "tags": [ + "Watchlists" + ], + "description": "Get a watchlist, without its watchlist items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + } + }, + "put": { + "operationId": "Watchlists_CreateOrUpdate", + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlist", + "in": "body", + "description": "The watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Watchlist' update operation succeeded", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Resource 'Watchlist' create operation succeeded", + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "description": "A link to the status monitor" + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + }, + "Create or update a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation", + "final-state-schema": "#/definitions/Watchlist" + }, + "x-ms-long-running-operation": true + }, + "delete": { + "operationId": "Watchlists_Delete", + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + } + ], + "responses": { + "202": { + "description": "Resource deletion accepted.", + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "format": "uri", + "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation" + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "operationId": "WatchlistItems_List", + "tags": [ + "WatchlistItems" + ], + "description": "Get all watchlist Items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "operationId": "WatchlistItems_Get", + "tags": [ + "WatchlistItems" + ], + "description": "Get a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + } + }, + "put": { + "operationId": "WatchlistItems_CreateOrUpdate", + "tags": [ + "WatchlistItems" + ], + "description": "Create or update a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "watchlistItem", + "in": "body", + "description": "The watchlist item", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WatchlistItem' update operation succeeded", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Resource 'WatchlistItem' create operation succeeded", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create or update a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + } + }, + "delete": { + "operationId": "WatchlistItems_Delete", + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a watchlist item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments": { + "get": { + "operationId": "WorkspaceManagerAssignments_List", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all workspace manager assignments for the Sentinel workspace manager.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignmentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all workspace manager assignments for the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}": { + "get": { + "operationId": "WorkspaceManagerAssignments_Get", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a workspace manager assignment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json" + } + } + }, + "put": { + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Creates or updates a workspace manager assignment.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignment", + "in": "body", + "description": "The workspace manager assignment", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WorkspaceManagerAssignment' update operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "201": { + "description": "Resource 'WorkspaceManagerAssignment' create operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Creates or updates a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json" + } + } + }, + "delete": { + "operationId": "WorkspaceManagerAssignments_Delete", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes a workspace manager assignment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs": { + "get": { + "operationId": "WorkspaceManagerAssignmentJobs_List", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all jobs for the specified workspace manager assignment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/JobList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all jobs for the specified Sentinel workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllJobs.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + }, + "post": { + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Create a job for the specified workspace manager assignment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Creates a job for the specified workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/CreateJob.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}": { + "get": { + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a job", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "jobName", + "in": "path", + "description": "The job name", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a workspace manager job": { + "$ref": "./examples/workspaceManagerAssignments/GetJob.json" + } + } + }, + "delete": { + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes the specified job from the specified workspace manager assignment", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerAssignmentName", + "in": "path", + "description": "The name of the workspace manager assignment", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "jobName", + "in": "path", + "description": "The job name", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a workspace manager job.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteJob.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations": { + "get": { + "operationId": "WorkspaceManagerConfigurations_List", + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets all workspace manager configurations for a Sentinel workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfigurationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all workspace manager configurations for a Sentinel workspace.": { + "$ref": "./examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}": { + "get": { + "operationId": "WorkspaceManagerConfigurations_Get", + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets a workspace manager configuration", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerConfigurationName", + "in": "path", + "description": "The name of the workspace manager configuration", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json" + } + } + }, + "put": { + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Creates or updates a workspace manager configuration.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerConfigurationName", + "in": "path", + "description": "The name of the workspace manager configuration", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerConfiguration", + "in": "body", + "description": "The workspace manager configuration", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WorkspaceManagerConfiguration' update operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "201": { + "description": "Resource 'WorkspaceManagerConfiguration' create operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or Update a workspace manager Configuration": { + "$ref": "./examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json" + } + } + }, + "delete": { + "operationId": "WorkspaceManagerConfigurations_Delete", + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Deletes a workspace manager configuration", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerConfigurationName", + "in": "path", + "description": "The name of the workspace manager configuration", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups": { + "get": { + "operationId": "WorkspaceManagerGroups_List", + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets all workspace manager groups in the Sentinel workspace manager", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroupList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all workspace manager groups in the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}": { + "get": { + "operationId": "WorkspaceManagerGroups_Get", + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets a workspace manager group", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerGroupName", + "in": "path", + "description": "The name of the workspace manager group", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a workspace manager group": { + "$ref": "./examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json" + } + } + }, + "put": { + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "tags": [ + "workspaceManagerGroups" + ], + "description": "Creates or updates a workspace manager group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerGroupName", + "in": "path", + "description": "The name of the workspace manager group", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerGroup", + "in": "body", + "description": "The workspace manager group object", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WorkspaceManagerGroup' update operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "201": { + "description": "Resource 'WorkspaceManagerGroup' create operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Creates or updates a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json" + } + } + }, + "delete": { + "operationId": "WorkspaceManagerGroups_Delete", + "tags": [ + "workspaceManagerGroups" + ], + "description": "Deletes a workspace manager group", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerGroupName", + "in": "path", + "description": "The name of the workspace manager group", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers": { + "get": { + "operationId": "WorkspaceManagerMembers_List", + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets all workspace manager members that exist for the given Sentinel workspace manager", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMembersList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get all workspace manager members": { + "$ref": "./examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}": { + "get": { + "operationId": "WorkspaceManagerMembers_Get", + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets a workspace manager member", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerMemberName", + "in": "path", + "description": "The name of the workspace manager member", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/GetWorkspaceManagerMember.json" + } + } + }, + "put": { + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "tags": [ + "workspaceManagerMember" + ], + "description": "Creates or updates a workspace manager member", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerMemberName", + "in": "path", + "description": "The name of the workspace manager member", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerMember", + "in": "body", + "description": "The workspace manager member object", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WorkspaceManagerMember' update operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "201": { + "description": "Resource 'WorkspaceManagerMember' create operation succeeded", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or Update a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json" + } + } + }, + "delete": { + "operationId": "WorkspaceManagerMembers_Delete", + "tags": [ + "workspaceManagerMember" + ], + "description": "Deletes a workspace manager member", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "workspaceManagerMemberName", + "in": "path", + "description": "The name of the workspace manager member", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json" + } + } + } + } + }, + "definitions": { + "AADCheckRequirements": { + "type": "object", + "description": "Represents AADIP (Azure Active Directory Identity Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AADCheckRequirementsProperties", + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADCheckRequirementsProperties": { + "type": "object", + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "AADDataConnector": { + "type": "object", + "description": "Represents AADIP (Azure Active Directory Identity Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "type": "object", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "AATPCheckRequirements": { + "type": "object", + "description": "Represents AATP (Azure Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPCheckRequirementsProperties", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPCheckRequirementsProperties": { + "type": "object", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "AATPDataConnector": { + "type": "object", + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "type": "object", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "ASCCheckRequirements": { + "type": "object", + "description": "Represents ASC (Azure Security Center) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCCheckRequirementsProperties", + "description": "ASC (Azure Security Center) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCCheckRequirementsProperties": { + "type": "object", + "description": "ASC (Azure Security Center) requirements check properties.", + "properties": { + "subscriptionId": { + "type": "string", + "description": "The subscription id to connect to, and get the data from." + } + } + }, + "ASCDataConnector": { + "type": "object", + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "type": "object", + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "type": "string", + "description": "The subscription id to connect to, and get the data from." + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ] + }, + "AWSAuthModel": { + "type": "object", + "description": "Model for API authentication with AWS.", + "properties": { + "roleArn": { + "type": "string", + "description": "AWS STS assume role ARN" + }, + "externalId": { + "type": "string", + "description": "AWS STS assume role external ID. This is used to prevent the confused deputy problem: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html'" + } + }, + "required": [ + "roleArn" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "AWS" + }, + "AccountEntity": { + "type": "object", + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "type": "object", + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "type": "string", + "description": "The Azure Active Directory tenant id.", + "readOnly": true + }, + "aadUserId": { + "type": "string", + "description": "The Azure Active Directory user id.", + "readOnly": true + }, + "accountName": { + "type": "string", + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name of the account.", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true + }, + "isDomainJoined": { + "type": "boolean", + "description": "Determines whether this is a domain account.", + "readOnly": true + }, + "ntDomain": { + "type": "string", + "description": "The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.", + "readOnly": true + }, + "objectGuid": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "readOnly": true + }, + "puid": { + "type": "string", + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true + }, + "sid": { + "type": "string", + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true + }, + "upnSuffix": { + "type": "string", + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true + }, + "dnsDomain": { + "type": "string", + "description": "The fully qualified domain DNS name.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ActionPropertiesBase": { + "type": "object", + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "type": "string", + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}." + } + }, + "required": [ + "logicAppResourceId" + ] + }, + "ActionRequest": { + "type": "object", + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ] + }, + "ActionRequestProperties": { + "type": "object", + "description": "Action property bag.", + "properties": { + "triggerUri": { + "type": "string", + "format": "password", + "description": "Logic App Callback URL for this specific workflow.", + "x-ms-secret": true + } + }, + "required": [ + "triggerUri" + ], + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ] + }, + "ActionResponse": { + "type": "object", + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the action." + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "ActionResponseProperties": { + "type": "object", + "description": "Action property bag.", + "properties": { + "workflowId": { + "type": "string", + "description": "The name of the logic app's workflow." + } + }, + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ] + }, + "ActionType": { + "type": "string", + "description": "The type of the automation rule action.", + "enum": [ + "ModifyProperties", + "RunPlaybook", + "AddIncidentTask" + ], + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "name": "ModifyProperties", + "value": "ModifyProperties", + "description": "Modify an object's properties" + }, + { + "name": "RunPlaybook", + "value": "RunPlaybook", + "description": "Run a playbook on an object" + }, + { + "name": "AddIncidentTask", + "value": "AddIncidentTask", + "description": "Add a task to an incident object" + } + ] + } + }, + "ActionsList": { + "type": "object", + "description": "List all the actions.", + "properties": { + "value": { + "type": "array", + "description": "The ActionResponse items on this page", + "items": { + "$ref": "#/definitions/ActionResponse" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "ActivityCustomEntityQuery": { + "type": "object", + "description": "Represents Activity entity query.", + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/CustomEntityQuery" + } + ], + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueriesProperties": { + "type": "object", + "description": "Describes activity entity query properties", + "properties": { + "title": { + "type": "string", + "description": "The entity query title" + }, + "content": { + "type": "string", + "description": "The entity query content to display in timeline" + }, + "description": { + "type": "string", + "description": "The entity query description" + }, + "queryDefinitions": { + "$ref": "#/definitions/ActivityEntityQueriesPropertiesQueryDefinitions", + "description": "The Activity query definitions" + }, + "inputEntityType": { + "$ref": "#/definitions/EntityType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "type": "array", + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "type": "object", + "description": "The query applied only to entities matching to all filters", + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "templateName": { + "type": "string", + "description": "The template id this activity was created from" + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this activity is enabled or disabled." + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the activity was created", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the activity was updated", + "readOnly": true + } + } + }, + "ActivityEntityQueriesPropertiesQueryDefinitions": { + "type": "object", + "description": "The Activity query definitions", + "properties": { + "query": { + "type": "string", + "description": "The Activity query to run on a given entity" + } + } + }, + "ActivityEntityQuery": { + "type": "object", + "description": "Represents Activity entity query.", + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueryTemplate": { + "type": "object", + "description": "Represents Activity entity query.", + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueryTemplateProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityQueryTemplate" + } + ], + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueryTemplateProperties": { + "type": "object", + "description": "Describes activity entity query properties", + "properties": { + "title": { + "type": "string", + "description": "The entity query title" + }, + "content": { + "type": "string", + "description": "The entity query content to display in timeline" + }, + "description": { + "type": "string", + "description": "The entity query description" + }, + "queryDefinitions": { + "$ref": "#/definitions/ActivityEntityQueryTemplatePropertiesQueryDefinitions", + "description": "The Activity query definitions" + }, + "dataTypes": { + "type": "array", + "description": "List of required data types for the given entity query template", + "items": { + "$ref": "#/definitions/DataTypeDefinitions" + } + }, + "inputEntityType": { + "$ref": "#/definitions/EntityType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "type": "array", + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "type": "object", + "description": "The query applied only to entities matching to all filters", + "additionalProperties": { + "items": { + "type": "string" + }, + "type": "array" + } + } + } + }, + "ActivityEntityQueryTemplatePropertiesQueryDefinitions": { + "type": "object", + "description": "The Activity query definitions", + "properties": { + "query": { + "type": "string", + "description": "The Activity query to run on a given entity" + }, + "summarizeBy": { + "type": "string", + "description": "The dimensions we want to summarize the timeline results on, this is comma separated list" + } + } + }, + "ActivityTimelineItem": { + "type": "object", + "description": "Represents Activity timeline item.", + "properties": { + "queryId": { + "type": "string", + "description": "The activity query id." + }, + "bucketStartTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The grouping bucket start time." + }, + "bucketEndTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The grouping bucket end time." + }, + "firstActivityTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The time of the first activity in the grouping bucket." + }, + "lastActivityTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The time of the last activity in the grouping bucket." + }, + "content": { + "type": "string", + "description": "The activity timeline content." + }, + "title": { + "type": "string", + "description": "The activity timeline title." + } + }, + "required": [ + "queryId", + "bucketStartTimeUTC", + "bucketEndTimeUTC", + "firstActivityTimeUTC", + "lastActivityTimeUTC", + "content", + "title" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "x-ms-discriminator-value": "Activity" + }, + "AddIncidentTaskActionProperties": { + "type": "object", + "properties": { + "title": { + "type": "string", + "description": "The title of the task." + }, + "description": { + "type": "string", + "description": "The description of the task." + } + }, + "required": [ + "title" + ] + }, + "AlertDetail": { + "type": "string", + "description": "Alert detail", + "enum": [ + "DisplayName", + "Severity" + ], + "x-ms-enum": { + "name": "AlertDetail", + "modelAsString": true, + "values": [ + { + "name": "DisplayName", + "value": "DisplayName", + "description": "Alert display name" + }, + { + "name": "Severity", + "value": "Severity", + "description": "Alert severity" + } + ] + } + }, + "AlertDetailsOverride": { + "type": "object", + "description": "Settings for how to dynamically override alert static details", + "properties": { + "alertDisplayNameFormat": { + "type": "string", + "description": "the format containing columns name(s) to override the alert name" + }, + "alertDescriptionFormat": { + "type": "string", + "description": "the format containing columns name(s) to override the alert description" + }, + "alertTacticsColumnName": { + "type": "string", + "description": "the column name to take the alert tactics from" + }, + "alertSeverityColumnName": { + "type": "string", + "description": "the column name to take the alert severity from" + }, + "alertDynamicProperties": { + "type": "array", + "description": "List of additional dynamic properties to override", + "items": { + "$ref": "#/definitions/AlertPropertyMapping" + }, + "x-ms-identifiers": [] + } + } + }, + "AlertProperty": { + "type": "string", + "description": "The V3 alert property", + "enum": [ + "AlertLink", + "ConfidenceLevel", + "ConfidenceScore", + "ExtendedLinks", + "ProductName", + "ProviderName", + "ProductComponentName", + "RemediationSteps", + "Techniques", + "SubTechniques" + ], + "x-ms-enum": { + "name": "AlertProperty", + "modelAsString": true, + "values": [ + { + "name": "AlertLink", + "value": "AlertLink", + "description": "Alert's link" + }, + { + "name": "ConfidenceLevel", + "value": "ConfidenceLevel", + "description": "Confidence level property" + }, + { + "name": "ConfidenceScore", + "value": "ConfidenceScore", + "description": "Confidence score" + }, + { + "name": "ExtendedLinks", + "value": "ExtendedLinks", + "description": "Extended links to the alert" + }, + { + "name": "ProductName", + "value": "ProductName", + "description": "Product name alert property" + }, + { + "name": "ProviderName", + "value": "ProviderName", + "description": "Provider name alert property" + }, + { + "name": "ProductComponentName", + "value": "ProductComponentName", + "description": "Product component name alert property" + }, + { + "name": "RemediationSteps", + "value": "RemediationSteps", + "description": "Remediation steps alert property" + }, + { + "name": "Techniques", + "value": "Techniques", + "description": "Techniques alert property" + }, + { + "name": "SubTechniques", + "value": "SubTechniques", + "description": "SubTechniques alert property" + } + ] + } + }, + "AlertPropertyMapping": { + "type": "object", + "description": "A single alert property mapping to override", + "properties": { + "alertProperty": { + "$ref": "#/definitions/AlertProperty", + "description": "The V3 alert property" + }, + "value": { + "type": "string", + "description": "the column name to use to override this property" + } + } + }, + "AlertRule": { + "type": "object", + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertRuleKind": { + "type": "string", + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence", + "NRT" + ], + "x-ms-enum": { + "name": "AlertRuleKind", + "modelAsString": true, + "values": [ + { + "name": "Scheduled", + "value": "Scheduled", + "description": "Scheduled" + }, + { + "name": "MicrosoftSecurityIncidentCreation", + "value": "MicrosoftSecurityIncidentCreation", + "description": "MicrosoftSecurityIncidentCreation" + }, + { + "name": "Fusion", + "value": "Fusion", + "description": "Fusion" + }, + { + "name": "MLBehaviorAnalytics", + "value": "MLBehaviorAnalytics", + "description": "MLBehaviorAnalytics" + }, + { + "name": "ThreatIntelligence", + "value": "ThreatIntelligence", + "description": "ThreatIntelligence" + }, + { + "name": "NRT", + "value": "NRT", + "description": "NRT" + } + ] + } + }, + "AlertRuleTemplate": { + "type": "object", + "description": "Alert rule template.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertRuleTemplateDataSource": { + "type": "object", + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "type": "string", + "description": "The connector id that provides the following data types" + }, + "dataTypes": { + "type": "array", + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + } + } + } + }, + "AlertRuleTemplatePropertiesBase": { + "type": "object", + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule template has been updated.", + "readOnly": true + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + } + } + }, + "AlertRuleTemplateWithMitreProperties": { + "type": "object", + "description": "Alert rule template with MITRE property bag.", + "properties": { + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ] + }, + "AlertRuleTemplatesList": { + "type": "object", + "description": "List all the alert rule templates.", + "properties": { + "value": { + "type": "array", + "description": "The AlertRuleTemplate items on this page", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AlertRulesList": { + "type": "object", + "description": "List all the alert rules.", + "properties": { + "value": { + "type": "array", + "description": "The AlertRule items on this page", + "items": { + "$ref": "#/definitions/AlertRule" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AlertSeverity": { + "type": "string", + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "x-ms-enum": { + "name": "AlertSeverity", + "modelAsString": true, + "values": [ + { + "name": "High", + "value": "High", + "description": "High severity" + }, + { + "name": "Medium", + "value": "Medium", + "description": "Medium severity" + }, + { + "name": "Low", + "value": "Low", + "description": "Low severity" + }, + { + "name": "Informational", + "value": "Informational", + "description": "Informational severity" + } + ] + } + }, + "AlertStatus": { + "type": "string", + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "x-ms-enum": { + "name": "AlertStatus", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown value" + }, + { + "name": "New", + "value": "New", + "description": "New alert" + }, + { + "name": "Resolved", + "value": "Resolved", + "description": "Alert closed after handling" + }, + { + "name": "Dismissed", + "value": "Dismissed", + "description": "Alert dismissed as false positive" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "Alert is being handled" + } + ] + } + }, + "AlertsDataTypeOfDataConnector": { + "type": "object", + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection." + } + }, + "required": [ + "alerts" + ] + }, + "AnalyticsRuleRunTrigger": { + "type": "object", + "description": "Analytics Rule Run Trigger request", + "properties": { + "properties": { + "$ref": "#/definitions/AnalyticsRuleRunTriggerProperties", + "description": "The analytics Rule Run Trigger request", + "x-ms-client-flatten": true + } + }, + "required": [ + "properties" + ] + }, + "AnalyticsRuleRunTriggerProperties": { + "type": "object", + "description": "The Analytics Rule Run Trigger properties", + "properties": { + "executionTimeUtc": { + "type": "string", + "format": "date-time" + } + }, + "required": [ + "executionTimeUtc" + ] + }, + "Anomalies": { + "type": "object", + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesSettingsProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesSettingsProperties": { + "type": "object", + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true + } + } + }, + "AnomalySecurityMLAnalyticsSettings": { + "type": "object", + "description": "Represents Anomaly Security ML Analytics Settings", + "properties": { + "properties": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", + "description": "Anomaly Security ML Analytics Settings properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + ], + "x-ms-discriminator-value": "Anomaly" + }, + "AnomalySecurityMLAnalyticsSettingsProperties": { + "type": "object", + "description": "AnomalySecurityMLAnalytics settings base property bag.", + "properties": { + "description": { + "type": "string", + "description": "The description of the SecurityMLAnalyticsSettings." + }, + "displayName": { + "type": "string", + "description": "The display name for settings created by this SecurityMLAnalyticsSettings." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this settings is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", + "readOnly": true + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data sources for this SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ] + }, + "tactics": { + "type": "array", + "description": "The tactics of the SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the SecurityMLAnalyticsSettings", + "items": { + "type": "string" + } + }, + "anomalyVersion": { + "type": "string", + "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings." + }, + "customizableObservations": { + "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings." + }, + "frequency": { + "type": "string", + "format": "duration", + "description": "The frequency that this SecurityMLAnalyticsSettings will be run." + }, + "settingsStatus": { + "$ref": "#/definitions/SettingsStatus", + "description": "The anomaly SecurityMLAnalyticsSettings status" + }, + "isDefaultSettings": { + "type": "boolean", + "description": "Determines whether this anomaly security ml analytics settings is a default settings" + }, + "anomalySettingsVersion": { + "type": "integer", + "format": "int32", + "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not." + }, + "settingsDefinitionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The anomaly settings definition Id" + } + }, + "required": [ + "displayName", + "enabled", + "anomalyVersion", + "frequency", + "settingsStatus", + "isDefaultSettings" + ] + }, + "AnomalyTimelineItem": { + "type": "object", + "description": "Represents anomaly timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The anomaly azure resource id." + }, + "productName": { + "type": "string", + "description": "The anomaly product name." + }, + "description": { + "type": "string", + "description": "The anomaly description." + }, + "displayName": { + "type": "string", + "description": "The anomaly name." + }, + "endTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The anomaly end time." + }, + "startTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The anomaly start time." + }, + "timeGenerated": { + "type": "string", + "format": "date-time", + "description": "The anomaly generated time." + }, + "vendor": { + "type": "string", + "description": "The name of the anomaly vendor." + }, + "intent": { + "type": "string", + "description": "The intent of the anomaly." + }, + "techniques": { + "type": "array", + "description": "The techniques of the anomaly.", + "items": { + "type": "string" + } + }, + "reasons": { + "type": "array", + "description": "The reasons that cause the anomaly.", + "items": { + "type": "string" + } + } + }, + "required": [ + "azureResourceId", + "displayName", + "endTimeUtc", + "startTimeUtc", + "timeGenerated" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "x-ms-discriminator-value": "Anomaly" + }, + "AntispamMailDirection": { + "type": "string", + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "x-ms-enum": { + "name": "AntispamMailDirection", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Inbound", + "value": "Inbound", + "description": "Inbound" + }, + { + "name": "Outbound", + "value": "Outbound", + "description": "Outbound" + }, + { + "name": "Intraorg", + "value": "Intraorg", + "description": "Intraorg" + } + ] + } + }, + "ApiKeyAuthModel": { + "type": "object", + "description": "Model for authentication with the API Key. Will result in additional header on the request (default behavior) to the remote server: 'ApiKeyName: ApiKeyIdentifier ApiKey'. If 'IsApiKeyInPostPayload' is true it will send it in the body of the request and not the header.", + "properties": { + "apiKey": { + "type": "string", + "description": "API Key for the user secret key credential" + }, + "apiKeyName": { + "type": "string", + "description": "API Key name" + }, + "apiKeyIdentifier": { + "type": "string", + "description": "API Key Identifier" + }, + "isApiKeyInPostPayload": { + "type": "boolean", + "description": "Flag to indicate if API key is set in HTTP POST payload" + } + }, + "required": [ + "apiKey", + "apiKeyName" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "APIKey" + }, + "ApiPollingParameters": { + "type": "object", + "description": "Represents Codeless API Polling data connector", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + }, + "pollingConfig": { + "$ref": "#/definitions/CodelessConnectorPollingConfigProperties", + "description": "Config to describe the polling instructions" + } + } + }, + "AttackPattern": { + "type": "object", + "description": "Represents an attack pattern in Azure Security Insights.", + "allOf": [ + { + "$ref": "#/definitions/TIObject" + } + ], + "x-ms-discriminator-value": "AttackPattern" + }, + "AttackTactic": { + "type": "string", + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "Reconnaissance", + "ResourceDevelopment", + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack", + "ImpairProcessControl", + "InhibitResponseFunction" + ], + "x-ms-enum": { + "name": "AttackTactic", + "modelAsString": true, + "values": [ + { + "name": "Reconnaissance", + "value": "Reconnaissance", + "description": "Reconnaissance" + }, + { + "name": "ResourceDevelopment", + "value": "ResourceDevelopment", + "description": "ResourceDevelopment" + }, + { + "name": "InitialAccess", + "value": "InitialAccess", + "description": "InitialAccess" + }, + { + "name": "Execution", + "value": "Execution", + "description": "Execution" + }, + { + "name": "Persistence", + "value": "Persistence", + "description": "Persistence" + }, + { + "name": "PrivilegeEscalation", + "value": "PrivilegeEscalation", + "description": "PrivilegeEscalation" + }, + { + "name": "DefenseEvasion", + "value": "DefenseEvasion", + "description": "DefenseEvasion" + }, + { + "name": "CredentialAccess", + "value": "CredentialAccess", + "description": "CredentialAccess" + }, + { + "name": "Discovery", + "value": "Discovery", + "description": "Discovery" + }, + { + "name": "LateralMovement", + "value": "LateralMovement", + "description": "LateralMovement" + }, + { + "name": "Collection", + "value": "Collection", + "description": "Collection" + }, + { + "name": "Exfiltration", + "value": "Exfiltration", + "description": "Exfiltration" + }, + { + "name": "CommandAndControl", + "value": "CommandAndControl", + "description": "CommandAndControl" + }, + { + "name": "Impact", + "value": "Impact", + "description": "Impact" + }, + { + "name": "PreAttack", + "value": "PreAttack", + "description": "PreAttack" + }, + { + "name": "ImpairProcessControl", + "value": "ImpairProcessControl", + "description": "ImpairProcessControl" + }, + { + "name": "InhibitResponseFunction", + "value": "InhibitResponseFunction", + "description": "InhibitResponseFunction" + } + ] + } + }, + "AutomationRule": { + "type": "object", + "description": "Concrete proxy resource types can be created by aliasing this type using a specific property type.", + "properties": { + "properties": { + "$ref": "#/definitions/AutomationRuleProperties", + "description": "Automation rule properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AutomationRuleAction": { + "type": "object", + "description": "Describes an automation rule action.", + "properties": { + "order": { + "type": "integer", + "format": "int32" + }, + "actionType": { + "$ref": "#/definitions/ActionType", + "description": "The type of the automation rule action." + } + }, + "discriminator": "actionType", + "required": [ + "order", + "actionType" + ] + }, + "AutomationRuleAddIncidentTaskAction": { + "type": "object", + "description": "Describes an automation rule action to add a task to an incident", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/AddIncidentTaskActionProperties" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "AddIncidentTask" + }, + "AutomationRuleBooleanCondition": { + "type": "object", + "properties": { + "operator": { + "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" + }, + "innerConditions": { + "type": "array", + "minItems": 2, + "maxItems": 10, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [] + } + } + }, + "AutomationRuleBooleanConditionSupportedOperator": { + "type": "string", + "enum": [ + "And", + "Or" + ], + "x-ms-enum": { + "name": "AutomationRuleBooleanConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "name": "And", + "value": "And", + "description": "Evaluates as true if all the item conditions are evaluated as true" + }, + { + "name": "Or", + "value": "Or", + "description": "Evaluates as true if at least one of the item conditions are evaluated as true" + } + ] + } + }, + "AutomationRuleCondition": { + "type": "object", + "description": "Describes an automation rule condition.", + "properties": { + "conditionType": { + "$ref": "#/definitions/ConditionType" + } + }, + "discriminator": "conditionType", + "required": [ + "conditionType" + ] + }, + "AutomationRuleModifyPropertiesAction": { + "type": "object", + "description": "Describes an automation rule action to modify an object's properties", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "ModifyProperties" + }, + "AutomationRuleProperties": { + "type": "object", + "description": "Automation rule properties", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the automation rule.", + "maxLength": 500 + }, + "order": { + "type": "integer", + "format": "int32", + "description": "The order of execution of the automation rule.", + "minimum": 1, + "maximum": 1000 + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic", + "description": "Describes automation rule triggering logic." + }, + "actions": { + "type": "array", + "description": "The actions to execute when the automation rule is triggered.", + "maxItems": 20, + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "x-ms-identifiers": [] + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the automation rule was updated.", + "readOnly": true + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the automation rule was created.", + "readOnly": true + }, + "lastModifiedBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action", + "readOnly": true + }, + "createdBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action", + "readOnly": true + } + }, + "required": [ + "displayName", + "order", + "triggeringLogic", + "actions" + ] + }, + "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { + "type": "string", + "enum": [ + "Alerts", + "Labels", + "Tactics", + "Comments" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "name": "Alerts", + "value": "Alerts", + "description": "Evaluate the condition on the alerts" + }, + { + "name": "Labels", + "value": "Labels", + "description": "Evaluate the condition on the labels" + }, + { + "name": "Tactics", + "value": "Tactics", + "description": "Evaluate the condition on the tactics" + }, + { + "name": "Comments", + "value": "Comments", + "description": "Evaluate the condition on the comments" + } + ] + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { + "type": "string", + "enum": [ + "Added" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "modelAsString": true, + "values": [ + { + "name": "Added", + "value": "Added", + "description": "Evaluate the condition on items added to the array" + } + ] + } + }, + "AutomationRulePropertyArrayChangedValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" + } + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { + "type": "string", + "enum": [ + "AnyItem", + "AllItems" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "modelAsString": true, + "values": [ + { + "name": "AnyItem", + "value": "AnyItem", + "description": "Evaluate the condition as true if any item fulfills it" + }, + { + "name": "AllItems", + "value": "AllItems", + "description": "Evaluate the condition as true if all the items fulfill it" + } + ] + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayType": { + "type": "string", + "enum": [ + "CustomDetails", + "CustomDetailValues", + "IncidentLabels" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "name": "CustomDetails", + "value": "CustomDetails", + "description": "Evaluate the condition on the custom detail keys" + }, + { + "name": "CustomDetailValues", + "value": "CustomDetailValues", + "description": "Evaluate the condition on a custom detail's values" + }, + { + "name": "IncidentLabels", + "value": "IncidentLabels", + "description": "Evaluate the condition on the incident labels" + } + ] + } + }, + "AutomationRulePropertyArrayValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" + }, + "arrayConditionType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" + }, + "itemConditions": { + "type": "array", + "maxItems": 10, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [] + } + } + }, + "AutomationRulePropertyChangedConditionSupportedChangedType": { + "type": "string", + "enum": [ + "ChangedFrom", + "ChangedTo" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedChangedType", + "modelAsString": true, + "values": [ + { + "name": "ChangedFrom", + "value": "ChangedFrom", + "description": "Evaluate the condition on the previous value of the property" + }, + { + "name": "ChangedTo", + "value": "ChangedTo", + "description": "Evaluate the condition on the updated value of the property" + } + ] + } + }, + "AutomationRulePropertyChangedConditionSupportedPropertyType": { + "type": "string", + "enum": [ + "IncidentSeverity", + "IncidentStatus", + "IncidentOwner" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", + "modelAsString": true, + "values": [ + { + "name": "IncidentSeverity", + "value": "IncidentSeverity", + "description": "Evaluate the condition on the incident severity" + }, + { + "name": "IncidentStatus", + "value": "IncidentStatus", + "description": "Evaluate the condition on the incident status" + }, + { + "name": "IncidentOwner", + "value": "IncidentOwner", + "description": "Evaluate the condition on the incident owner" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedOperator": { + "type": "string", + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "name": "Equals", + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" + }, + { + "name": "NotEquals", + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" + }, + { + "name": "Contains", + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" + }, + { + "name": "NotContains", + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" + }, + { + "name": "StartsWith", + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" + }, + { + "name": "NotStartsWith", + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" + }, + { + "name": "EndsWith", + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" + }, + { + "name": "NotEndsWith", + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedProperty": { + "type": "string", + "description": "The property to evaluate in an automation rule property condition.", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", + "IncidentProviderName", + "IncidentUpdatedBySource", + "IncidentCustomDetailsKey", + "IncidentCustomDetailsValue", + "IncidentCustomDetectionRuleIds", + "IncidentAlertTitle", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AlertProductNames", + "AlertAnalyticRuleIds", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + "IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, + "values": [ + { + "name": "IncidentTitle", + "value": "IncidentTitle", + "description": "The title of the incident" + }, + { + "name": "IncidentDescription", + "value": "IncidentDescription", + "description": "The description of the incident" + }, + { + "name": "IncidentSeverity", + "value": "IncidentSeverity", + "description": "The severity of the incident" + }, + { + "name": "IncidentStatus", + "value": "IncidentStatus", + "description": "The status of the incident" + }, + { + "name": "IncidentRelatedAnalyticRuleIds", + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" + }, + { + "name": "IncidentTactics", + "value": "IncidentTactics", + "description": "The tactics of the incident" + }, + { + "name": "IncidentLabel", + "value": "IncidentLabel", + "description": "The labels of the incident" + }, + { + "name": "IncidentProviderName", + "value": "IncidentProviderName", + "description": "The provider name of the incident" + }, + { + "name": "IncidentUpdatedBySource", + "value": "IncidentUpdatedBySource", + "description": "The update source of the incident" + }, + { + "name": "IncidentCustomDetailsKey", + "value": "IncidentCustomDetailsKey", + "description": "The incident custom detail key" + }, + { + "name": "IncidentCustomDetailsValue", + "value": "IncidentCustomDetailsValue", + "description": "The incident custom detail value" + }, + { + "name": "IncidentCustomDetectionRuleIds", + "value": "IncidentCustomDetectionRuleIds", + "description": "The Custom-Detection rule ids associated with any of the incident alerts" + }, + { + "name": "IncidentAlertTitle", + "value": "IncidentAlertTitle", + "description": "The alert title associated with any of the incident alerts" + }, + { + "name": "AccountAadTenantId", + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" + }, + { + "name": "AccountAadUserId", + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" + }, + { + "name": "AccountName", + "value": "AccountName", + "description": "The account name" + }, + { + "name": "AccountNTDomain", + "value": "AccountNTDomain", + "description": "The account NetBIOS domain name" + }, + { + "name": "AccountPUID", + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" + }, + { + "name": "AccountSid", + "value": "AccountSid", + "description": "The account security identifier" + }, + { + "name": "AccountObjectGuid", + "value": "AccountObjectGuid", + "description": "The account unique identifier" + }, + { + "name": "AccountUPNSuffix", + "value": "AccountUPNSuffix", + "description": "The account user principal name suffix" + }, + { + "name": "AlertProductNames", + "value": "AlertProductNames", + "description": "The name of the product of the alert" + }, + { + "name": "AlertAnalyticRuleIds", + "value": "AlertAnalyticRuleIds", + "description": "The analytic rule ids of the alert" + }, + { + "name": "AzureResourceResourceId", + "value": "AzureResourceResourceId", + "description": "The Azure resource id" + }, + { + "name": "AzureResourceSubscriptionId", + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" + }, + { + "name": "CloudApplicationAppId", + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" + }, + { + "name": "CloudApplicationAppName", + "value": "CloudApplicationAppName", + "description": "The cloud application name" + }, + { + "name": "DNSDomainName", + "value": "DNSDomainName", + "description": "The dns record domain name" + }, + { + "name": "FileDirectory", + "value": "FileDirectory", + "description": "The file directory full path" + }, + { + "name": "FileName", + "value": "FileName", + "description": "The file name without path" + }, + { + "name": "FileHashValue", + "value": "FileHashValue", + "description": "The file hash value" + }, + { + "name": "HostAzureID", + "value": "HostAzureID", + "description": "The host Azure resource id" + }, + { + "name": "HostName", + "value": "HostName", + "description": "The host name without domain" + }, + { + "name": "HostNetBiosName", + "value": "HostNetBiosName", + "description": "The host NetBIOS name" + }, + { + "name": "HostNTDomain", + "value": "HostNTDomain", + "description": "The host NT domain" + }, + { + "name": "HostOSVersion", + "value": "HostOSVersion", + "description": "The host operating system" + }, + { + "name": "IoTDeviceId", + "value": "IoTDeviceId", + "description": "\"The IoT device id" + }, + { + "name": "IoTDeviceName", + "value": "IoTDeviceName", + "description": "The IoT device name" + }, + { + "name": "IoTDeviceType", + "value": "IoTDeviceType", + "description": "The IoT device type" + }, + { + "name": "IoTDeviceVendor", + "value": "IoTDeviceVendor", + "description": "The IoT device vendor" + }, + { + "name": "IoTDeviceModel", + "value": "IoTDeviceModel", + "description": "The IoT device model" + }, + { + "name": "IoTDeviceOperatingSystem", + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" + }, + { + "name": "IPAddress", + "value": "IPAddress", + "description": "The IP address" + }, + { + "name": "MailboxDisplayName", + "value": "MailboxDisplayName", + "description": "The mailbox display name" + }, + { + "name": "MailboxPrimaryAddress", + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" + }, + { + "name": "MailboxUPN", + "value": "MailboxUPN", + "description": "The mailbox user principal name" + }, + { + "name": "MailMessageDeliveryAction", + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" + }, + { + "name": "MailMessageDeliveryLocation", + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" + }, + { + "name": "MailMessageRecipient", + "value": "MailMessageRecipient", + "description": "The mail message recipient" + }, + { + "name": "MailMessageSenderIP", + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" + }, + { + "name": "MailMessageSubject", + "value": "MailMessageSubject", + "description": "The mail message subject" + }, + { + "name": "MailMessageP1Sender", + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" + }, + { + "name": "MailMessageP2Sender", + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" + }, + { + "name": "MalwareCategory", + "value": "MalwareCategory", + "description": "The malware category" + }, + { + "name": "MalwareName", + "value": "MalwareName", + "description": "The malware name" + }, + { + "name": "ProcessCommandLine", + "value": "ProcessCommandLine", + "description": "The process execution command line" + }, + { + "name": "ProcessId", + "value": "ProcessId", + "description": "The process id" + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "The registry key path" + }, + { + "name": "RegistryValueData", + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" + }, + { + "name": "Url", + "value": "Url", + "description": "The url" + } + ] + } + }, + "AutomationRulePropertyValuesChangedCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRulePropertyValuesCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty", + "description": "The property to evaluate in an automation rule property condition." + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "type": "object", + "description": "Describes an automation rule action to run a playbook", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/PlaybookActionProperties" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "RunPlaybook" + }, + "AutomationRuleTriggeringLogic": { + "type": "object", + "description": "Describes automation rule triggering logic.", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Determines whether the automation rule is enabled or disabled." + }, + "expirationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled." + }, + "triggersOn": { + "$ref": "#/definitions/TriggersOn" + }, + "triggersWhen": { + "$ref": "#/definitions/TriggersWhen" + }, + "conditions": { + "type": "array", + "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.", + "maxItems": 50, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [ + "conditionType" + ] + } + }, + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ] + }, + "AutomationRulesList": { + "type": "object", + "description": "Paged collection of AutomationRule items", + "properties": { + "value": { + "type": "array", + "description": "The AutomationRule items on this page", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "Availability": { + "type": "object", + "description": "Connector Availability Status", + "properties": { + "status": { + "type": "number", + "description": "The connector Availability Status", + "enum": [ + 1 + ] + }, + "isPreview": { + "type": "boolean", + "description": "Set connector as preview" + } + } + }, + "AwsCloudTrailCheckRequirements": { + "type": "object", + "description": "Amazon Web Services CloudTrail requirements check request.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnector": { + "type": "object", + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "type": "object", + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "type": "string", + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account." + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ] + }, + "AwsS3CheckRequirements": { + "type": "object", + "description": "Amazon Web Services S3 requirements check request.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "AwsS3DataConnector": { + "type": "object", + "description": "Represents Amazon Web Services S3 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsS3DataConnectorProperties", + "description": "Amazon Web Services S3 data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "AwsS3DataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Amazon Web Services S3 data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/AwsS3DataConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "AwsS3DataConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "AwsS3DataConnectorProperties": { + "type": "object", + "description": "Amazon Web Services S3 data connector properties.", + "properties": { + "destinationTable": { + "type": "string", + "description": "The logs destination table name in LogAnalytics." + }, + "sqsUrls": { + "type": "array", + "description": "The AWS sqs urls for the connector.", + "items": { + "type": "string" + } + }, + "roleArn": { + "type": "string", + "description": "The Aws Role Arn that is used to access the Aws account." + }, + "dataTypes": { + "$ref": "#/definitions/AwsS3DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "destinationTable", + "sqsUrls", + "roleArn", + "dataTypes" + ] + }, + "Azure.Core.uuid": { + "type": "string", + "format": "uuid", + "description": "Universally Unique Identifier" + }, + "AzureDevOpsResourceInfo": { + "type": "object", + "description": "Resources created in Azure DevOps repository.", + "properties": { + "pipelineId": { + "type": "string", + "description": "Id of the pipeline created for the source-control." + }, + "serviceConnectionId": { + "type": "string", + "description": "Id of the service-connection created for the source-control." + } + } + }, + "AzureResourceEntity": { + "type": "object", + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "type": "object", + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "type": "string", + "description": "The azure resource id of the resource", + "readOnly": true + }, + "subscriptionId": { + "type": "string", + "description": "The subscription id of the resource", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "BasicAuthModel": { + "type": "object", + "description": "Model for API authentication with basic flow - user name + password.", + "properties": { + "userName": { + "type": "string", + "description": "The user name." + }, + "password": { + "type": "string", + "format": "password", + "description": "The password", + "x-ms-secret": true + } + }, + "required": [ + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Basic" + }, + "BillingStatistic": { + "type": "object", + "description": "Billing statistic", + "properties": { + "kind": { + "$ref": "#/definitions/BillingStatisticKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Resource Etag.", + "readOnly": true + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "BillingStatisticKind": { + "type": "string", + "description": "The kind of the billing statistic", + "enum": [ + "SapSolutionUsage" + ], + "x-ms-enum": { + "name": "BillingStatisticKind", + "modelAsString": true, + "values": [ + { + "name": "SapSolutionUsage", + "value": "SapSolutionUsage", + "description": "SapSolutionUsage" + } + ] + } + }, + "BillingStatisticList": { + "type": "object", + "description": "List of all Microsoft Sentinel billing statistics.", + "properties": { + "value": { + "type": "array", + "description": "The BillingStatistic items on this page", + "items": { + "$ref": "#/definitions/BillingStatistic" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "Bookmark": { + "type": "object", + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "BookmarkEntityMappings": { + "type": "object", + "description": "Describes the entity mappings of a single entity", + "properties": { + "entityType": { + "type": "string", + "description": "The entity type" + }, + "fieldMappings": { + "type": "array", + "description": "Array of fields mapping for that entity type", + "items": { + "$ref": "#/definitions/EntityFieldMapping" + }, + "x-ms-identifiers": [] + } + } + }, + "BookmarkExpandParameters": { + "type": "object", + "description": "The parameters required to execute an expand operation on the given bookmark.", + "properties": { + "endTime": { + "type": "string", + "format": "date-time", + "description": "The end date filter, so the only expansion results returned are before this date." + }, + "expansionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The Id of the expansion to perform." + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The start date filter, so the only expansion results returned are after this date." + } + } + }, + "BookmarkExpandResponse": { + "type": "object", + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "$ref": "#/definitions/BookmarkExpandResponseValue", + "description": "The expansion result values." + } + } + }, + "BookmarkExpandResponseValue": { + "type": "object", + "description": "The expansion result values.", + "properties": { + "entities": { + "type": "array", + "description": "Array of the expansion result entities.", + "items": { + "$ref": "#/definitions/Entity" + } + }, + "edges": { + "type": "array", + "description": "Array of expansion result connected entities", + "items": { + "$ref": "#/definitions/ConnectedEntity" + } + } + } + }, + "BookmarkList": { + "type": "object", + "description": "List all the bookmarks.", + "properties": { + "value": { + "type": "array", + "description": "The Bookmark items on this page", + "items": { + "$ref": "#/definitions/Bookmark" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "type": "object", + "description": "Describes bookmark properties", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The time the bookmark was created" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "displayName": { + "type": "string", + "description": "The display name of the bookmark" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this bookmark", + "items": { + "type": "string" + } + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "query": { + "type": "string", + "description": "The query of the bookmark." + }, + "queryResult": { + "type": "string", + "description": "The query result of the bookmark." + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the bookmark was updated" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark" + }, + "eventTime": { + "type": "string", + "format": "date-time", + "description": "The bookmark event time" + }, + "queryStartTime": { + "type": "string", + "format": "date-time", + "description": "The start time for the query" + }, + "queryEndTime": { + "type": "string", + "format": "date-time", + "description": "The end time for the query" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark" + }, + "entityMappings": { + "type": "array", + "description": "Describes the entity mappings of the bookmark", + "items": { + "$ref": "#/definitions/BookmarkEntityMappings" + } + }, + "tactics": { + "type": "array", + "description": "A list of relevant mitre attacks", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "A list of relevant mitre techniques", + "items": { + "type": "string" + } + } + }, + "required": [ + "displayName", + "query" + ] + }, + "BookmarkTimelineItem": { + "type": "object", + "description": "Represents bookmark timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The bookmark azure resource id." + }, + "displayName": { + "type": "string", + "description": "The bookmark display name." + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The bookmark end time." + }, + "startTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The bookmark start time." + }, + "eventTime": { + "type": "string", + "format": "date-time", + "description": "The bookmark event time." + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this bookmark", + "items": { + "type": "string" + } + } + }, + "required": [ + "azureResourceId" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "x-ms-discriminator-value": "Bookmark" + }, + "BooleanConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRuleBooleanCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "Boolean" + }, + "CcpAuthConfig": { + "type": "object", + "description": "Base Model for API authentication.", + "properties": { + "type": { + "$ref": "#/definitions/CcpAuthType", + "description": "The auth type" + } + }, + "discriminator": "type", + "required": [ + "type" + ] + }, + "CcpAuthType": { + "type": "string", + "description": "Type of paging", + "enum": [ + "Basic", + "APIKey", + "OAuth2", + "AWS", + "GCP", + "Session", + "JwtToken", + "GitHub", + "ServiceBus", + "Oracle", + "None" + ], + "x-ms-enum": { + "name": "CcpAuthType", + "modelAsString": true, + "values": [ + { + "name": "Basic", + "value": "Basic", + "description": "Basic" + }, + { + "name": "APIKey", + "value": "APIKey", + "description": "APIKey" + }, + { + "name": "OAuth2", + "value": "OAuth2", + "description": "OAuth2" + }, + { + "name": "AWS", + "value": "AWS", + "description": "AWS" + }, + { + "name": "GCP", + "value": "GCP", + "description": "GCP" + }, + { + "name": "Session", + "value": "Session", + "description": "Session" + }, + { + "name": "JwtToken", + "value": "JwtToken", + "description": "JwtToken" + }, + { + "name": "GitHub", + "value": "GitHub", + "description": "GitHub" + }, + { + "name": "ServiceBus", + "value": "ServiceBus", + "description": "ServiceBus" + }, + { + "name": "Oracle", + "value": "Oracle", + "description": "Oracle" + }, + { + "name": "None", + "value": "None", + "description": "None" + } + ] + } + }, + "CcpResponseConfig": { + "type": "object", + "description": "A custom response configuration for a rule.", + "properties": { + "eventsJsonPaths": { + "type": "array", + "description": "The json paths, '$' char is the json root.", + "items": { + "type": "string" + } + }, + "successStatusJsonPath": { + "type": "string", + "description": "The value where the status message/code should appear in the response." + }, + "successStatusValue": { + "type": "string", + "description": "The status value.", + "x-nullable": true + }, + "isGzipCompressed": { + "type": "boolean", + "description": "The value indicating whether the remote server support Gzip and we should expect Gzip response." + }, + "compressionAlgo": { + "type": "string", + "description": "The compression algorithm. For Example: 'gzip', 'multi-gzip', 'deflate'.", + "default": "gzip" + }, + "format": { + "type": "string", + "description": "The response format. possible values are json,csv,xml", + "default": "json" + }, + "csvDelimiter": { + "type": "string", + "description": "The csv delimiter, in case the response format is CSV." + }, + "hasCsvBoundary": { + "type": "boolean", + "description": "The value indicating whether the response has CSV boundary in case the response in CSV format.", + "x-nullable": true + }, + "hasCsvHeader": { + "type": "boolean", + "description": "The value indicating whether the response has headers in case the response in CSV format.", + "x-nullable": true + }, + "convertChildPropertiesToArray": { + "type": "boolean", + "description": "The value indicating whether the response isn't an array of events / logs. By setting this flag to true it means the remote server will response with an object which each property has as a value an array of events / logs.", + "x-nullable": true + }, + "csvEscape": { + "type": "string", + "description": "The character used to escape characters in CSV.", + "default": "\"", + "minLength": 1, + "maxLength": 1, + "x-nullable": true + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "ClientInfo": { + "type": "object", + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "type": "string", + "description": "The email of the client." + }, + "name": { + "type": "string", + "description": "The name of the client." + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the client." + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the client." + } + } + }, + "CloudApplicationEntity": { + "type": "object", + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "type": "object", + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "type": "integer", + "format": "int32", + "description": "The technical identifier of the application.", + "readOnly": true + }, + "appName": { + "type": "string", + "description": "The name of the related cloud application.", + "readOnly": true + }, + "instanceName": { + "type": "string", + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "CloudError": { + "type": "object", + "description": "Error response structure.", + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody", + "description": "Error data" + } + } + }, + "CloudErrorBody": { + "type": "object", + "description": "Error details.", + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface.", + "readOnly": true + } + } + }, + "CodelessApiPollingDataConnector": { + "type": "object", + "description": "Represents Codeless API Polling data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ApiPollingParameters", + "description": "Codeless poling data connector properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "APIPolling" + }, + "CodelessConnectorPollingAuthProperties": { + "type": "object", + "description": "Describe the authentication properties needed to successfully authenticate with the server", + "properties": { + "authType": { + "type": "string", + "description": "The authentication type" + }, + "apiKeyName": { + "type": "string", + "description": "The header name which the token is sent with" + }, + "apiKeyIdentifier": { + "type": "string", + "description": "A prefix send in the header before the actual token" + }, + "isApiKeyInPostPayload": { + "type": "string", + "description": "Marks if the key should sent in header" + }, + "flowName": { + "type": "string", + "description": "Describes the flow name, for example 'AuthCode' for Oauth 2.0" + }, + "tokenEndpoint": { + "type": "string", + "description": "The endpoint used to issue a token, used in Oauth 2.0 flow" + }, + "authorizationEndpoint": { + "type": "string", + "description": "The endpoint used to authorize the user, used in Oauth 2.0 flow" + }, + "authorizationEndpointQueryParameters": { + "description": "The query parameters used in authorization request, used in Oauth 2.0 flow" + }, + "redirectionEndpoint": { + "type": "string", + "description": "The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow" + }, + "tokenEndpointHeaders": { + "description": "The query headers used in token request, used in Oauth 2.0 flow" + }, + "tokenEndpointQueryParameters": { + "description": "The query parameters used in token request, used in Oauth 2.0 flow" + }, + "isClientSecretInHeader": { + "type": "boolean", + "description": "Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow" + }, + "scope": { + "type": "string", + "description": "The OAuth token scope" + } + }, + "required": [ + "authType" + ] + }, + "CodelessConnectorPollingConfigProperties": { + "type": "object", + "description": "Config to describe the polling config for API poller connector", + "properties": { + "isActive": { + "type": "boolean", + "description": "The poller active status" + }, + "auth": { + "$ref": "#/definitions/CodelessConnectorPollingAuthProperties", + "description": "Describe the authentication type of the poller" + }, + "request": { + "$ref": "#/definitions/CodelessConnectorPollingRequestProperties", + "description": "Describe the poll request config parameters of the poller" + }, + "paging": { + "$ref": "#/definitions/CodelessConnectorPollingPagingProperties", + "description": "Describe the poll request paging config of the poller" + }, + "response": { + "$ref": "#/definitions/CodelessConnectorPollingResponseProperties", + "description": "Describe the response config parameters of the poller" + } + }, + "required": [ + "auth", + "request" + ] + }, + "CodelessConnectorPollingPagingProperties": { + "type": "object", + "description": "Describe the properties needed to make a pagination call", + "properties": { + "pagingType": { + "type": "string", + "description": "Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'" + }, + "nextPageParaName": { + "type": "string", + "description": "Defines the name of a next page attribute" + }, + "nextPageTokenJsonPath": { + "type": "string", + "description": "Defines the path to a next page token JSON" + }, + "pageCountAttributePath": { + "type": "string", + "description": "Defines the path to a page count attribute" + }, + "pageTotalCountAttributePath": { + "type": "string", + "description": "Defines the path to a page total count attribute" + }, + "pageTimeStampAttributePath": { + "type": "string", + "description": "Defines the path to a paging time stamp attribute" + }, + "searchTheLatestTimeStampFromEventsList": { + "type": "string", + "description": "Determines whether to search for the latest time stamp in the events list" + }, + "pageSizeParaName": { + "type": "string", + "description": "Defines the name of the page size parameter" + }, + "pageSize": { + "type": "integer", + "format": "int32", + "description": "Defines the paging size" + } + }, + "required": [ + "pagingType" + ] + }, + "CodelessConnectorPollingRequestProperties": { + "type": "object", + "description": "Describe the request properties needed to successfully pull from the server", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "Describe the endpoint we should pull the data from" + }, + "rateLimitQps": { + "type": "integer", + "format": "int32", + "description": "Defines the rate limit QPS" + }, + "queryWindowInMin": { + "type": "integer", + "format": "int32", + "description": "The window interval we will use the pull the data" + }, + "httpMethod": { + "type": "string", + "description": "The http method type we will use in the poll request, GET or POST" + }, + "queryTimeFormat": { + "type": "string", + "description": "The time format will be used the query events in a specific window" + }, + "retryCount": { + "type": "integer", + "format": "int32", + "description": "Describe the amount of time we should try and poll the data in case of failure" + }, + "timeoutInSeconds": { + "type": "integer", + "format": "int32", + "description": "The number of seconds we will consider as a request timeout" + }, + "headers": { + "description": "Describe the headers sent in the poll request" + }, + "queryParameters": { + "description": "Describe the query parameters sent in the poll request" + }, + "queryParametersTemplate": { + "type": "string", + "description": "For advanced scenarios for example user name/password embedded in nested JSON payload" + }, + "startTimeAttributeName": { + "type": "string", + "description": "This will be used the query events from a start of the time window" + }, + "endTimeAttributeName": { + "type": "string", + "description": "This will be used the query events from the end of the time window" + } + }, + "required": [ + "apiEndpoint", + "queryWindowInMin", + "httpMethod", + "queryTimeFormat" + ] + }, + "CodelessConnectorPollingResponseProperties": { + "type": "object", + "description": "Describes the response from the external server", + "properties": { + "eventsJsonPaths": { + "type": "array", + "description": "Describes the path we should extract the data in the response", + "items": { + "type": "string" + } + }, + "successStatusJsonPath": { + "type": "string", + "description": "Describes the path we should extract the status code in the response" + }, + "successStatusValue": { + "type": "string", + "description": "Describes the path we should extract the status value in the response" + }, + "isGzipCompressed": { + "type": "boolean", + "description": "Describes if the data in the response is Gzip" + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "CodelessParameters": { + "type": "object", + "description": "Represents Codeless UI data connector", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + } + } + }, + "CodelessUiConnectorConfigProperties": { + "type": "object", + "description": "Config to describe the instructions blade", + "properties": { + "title": { + "type": "string", + "description": "Connector blade title" + }, + "publisher": { + "type": "string", + "description": "Connector publisher name" + }, + "descriptionMarkdown": { + "type": "string", + "description": "Connector description" + }, + "customImage": { + "type": "string", + "description": "An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery" + }, + "graphQueriesTableName": { + "type": "string", + "description": "Name of the table the connector will insert the data to" + }, + "graphQueries": { + "type": "array", + "description": "The graph query to show the current data status", + "items": { + "$ref": "#/definitions/CodelessUiConnectorConfigPropertiesGraphQueriesItem" + }, + "x-ms-identifiers": [] + }, + "sampleQueries": { + "type": "array", + "description": "The sample queries for the connector", + "items": { + "$ref": "#/definitions/CodelessUiConnectorConfigPropertiesSampleQueriesItem" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "type": "array", + "description": "Data types to check for last data received", + "items": { + "$ref": "#/definitions/CodelessUiConnectorConfigPropertiesDataTypesItem" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + "type": "array", + "description": "Define the way the connector check connectivity", + "items": { + "$ref": "#/definitions/CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/Availability", + "description": "Connector Availability Status" + }, + "permissions": { + "$ref": "#/definitions/Permissions", + "description": "Permissions required for the connector" + }, + "instructionSteps": { + "type": "array", + "description": "Instruction steps to enable the connector", + "items": { + "$ref": "#/definitions/CodelessUiConnectorConfigPropertiesInstructionStepsItem" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueriesTableName", + "graphQueries", + "sampleQueries", + "dataTypes", + "connectivityCriteria", + "availability", + "permissions", + "instructionSteps" + ] + }, + "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ConnectivityCriteria" + } + ] + }, + "CodelessUiConnectorConfigPropertiesDataTypesItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/LastDataReceivedDataType" + } + ] + }, + "CodelessUiConnectorConfigPropertiesGraphQueriesItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/GraphQueries" + } + ] + }, + "CodelessUiConnectorConfigPropertiesInstructionStepsItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/InstructionSteps" + } + ] + }, + "CodelessUiConnectorConfigPropertiesSampleQueriesItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/SampleQueries" + } + ] + }, + "CodelessUiDataConnector": { + "type": "object", + "description": "Represents Codeless UI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/CodelessParameters", + "description": "Codeless UI data connector properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "GenericUI" + }, + "ConditionClause": { + "type": "object", + "description": "Represents a single clause to be evaluated by a NormalizedCondition.", + "properties": { + "clauseConnective": { + "$ref": "#/definitions/Connective", + "description": "The connective used to join all values in this ConditionClause", + "readOnly": true + }, + "field": { + "type": "string", + "description": "The name of the field that is evaluated." + }, + "operator": { + "$ref": "#/definitions/Operator", + "description": "Represents an operator in a ConditionClause." + }, + "values": { + "type": "array", + "description": "The top level connective operator for this condition.", + "items": { + "type": "string" + } + } + }, + "required": [ + "field", + "operator", + "values" + ] + }, + "ConditionProperties": { + "type": "object", + "description": "Represents a condition used to query for TI objects.", + "properties": { + "stixObjectType": { + "type": "string", + "description": "The STIX type for the objects returned by this query.", + "readOnly": true + }, + "clauses": { + "type": "array", + "description": "The list of clauses to be evaluated in disjunction or conjunction base on the specified top level connective operator.", + "items": { + "$ref": "#/definitions/ConditionClause" + } + }, + "conditionConnective": { + "$ref": "#/definitions/Connective", + "description": "The top level connective operator for this condition.", + "readOnly": true + } + }, + "required": [ + "clauses" + ] + }, + "ConditionType": { + "type": "string", + "enum": [ + "Property", + "PropertyArray", + "PropertyChanged", + "PropertyArrayChanged", + "Boolean" + ], + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "name": "Property", + "value": "Property", + "description": "Evaluate an object property value" + }, + { + "name": "PropertyArray", + "value": "PropertyArray", + "description": "Evaluate an object array property value" + }, + { + "name": "PropertyChanged", + "value": "PropertyChanged", + "description": "Evaluate an object property changed value" + }, + { + "name": "PropertyArrayChanged", + "value": "PropertyArrayChanged", + "description": "Evaluate an object array property changed value" + }, + { + "name": "Boolean", + "value": "Boolean", + "description": "Apply a boolean operator (e.g AND, OR) to conditions" + } + ] + } + }, + "ConfidenceLevel": { + "type": "string", + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "x-ms-enum": { + "name": "ConfidenceLevel", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown confidence, the is the default value" + }, + { + "name": "Low", + "value": "Low", + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack" + }, + { + "name": "High", + "value": "High", + "description": "High confidence that the alert is true positive malicious" + } + ] + } + }, + "ConfidenceScoreStatus": { + "type": "string", + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "x-ms-enum": { + "name": "ConfidenceScoreStatus", + "modelAsString": true, + "values": [ + { + "name": "NotApplicable", + "value": "NotApplicable", + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst" + }, + { + "name": "InProcess", + "value": "InProcess", + "description": "No score was set yet and calculation is in progress" + }, + { + "name": "NotFinal", + "value": "NotFinal", + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data" + }, + { + "name": "Final", + "value": "Final", + "description": "Final score was calculated and available" + } + ] + } + }, + "ConnectAuthKind": { + "type": "string", + "description": "The authentication kind used to poll the data", + "enum": [ + "Basic", + "OAuth2", + "APIKey" + ], + "x-ms-enum": { + "name": "ConnectAuthKind", + "modelAsString": true, + "values": [ + { + "name": "Basic", + "value": "Basic", + "description": "Basic" + }, + { + "name": "OAuth2", + "value": "OAuth2", + "description": "OAuth2" + }, + { + "name": "APIKey", + "value": "APIKey", + "description": "APIKey" + } + ] + } + }, + "ConnectedEntity": { + "type": "object", + "description": "Expansion result connected entities", + "properties": { + "targetEntityId": { + "type": "string", + "description": "Entity Id of the connected entity" + }, + "additionalData": { + "description": "key-value pairs for a connected entity mapping" + } + } + }, + "Connective": { + "type": "string", + "description": "Represents boolean connectives used to join clauses in conditions.", + "enum": [ + "And", + "Or" + ], + "x-ms-enum": { + "name": "Connective", + "modelAsString": true, + "values": [ + { + "name": "And", + "value": "And", + "description": "'And' connective" + }, + { + "name": "Or", + "value": "Or", + "description": "'Or' connective" + } + ] + } + }, + "ConnectivityCriteria": { + "type": "object", + "description": "Setting for the connector check connectivity", + "properties": { + "type": { + "$ref": "#/definitions/ConnectivityType", + "description": "type of connectivity" + }, + "value": { + "type": "array", + "description": "Queries for checking connectivity", + "items": { + "type": "string" + } + } + } + }, + "ConnectivityCriterion": { + "type": "object", + "description": "The criteria by which we determine whether the connector is connected or not.\nFor Example, use a KQL query to check if the expected data type is flowing).", + "properties": { + "type": { + "type": "string", + "description": "Gets or sets the type of connectivity." + }, + "value": { + "type": "array", + "description": "Gets or sets the queries for checking connectivity.", + "items": { + "type": "string" + } + } + }, + "required": [ + "type" + ] + }, + "ConnectivityType": { + "type": "string", + "description": "type of connectivity", + "enum": [ + "IsConnectedQuery" + ], + "x-ms-enum": { + "name": "ConnectivityType", + "modelAsString": true, + "values": [ + { + "name": "IsConnectedQuery", + "value": "IsConnectedQuery", + "description": "IsConnectedQuery" + } + ] + } + }, + "ConnectorDataType": { + "type": "object", + "description": "The data type which is created by the connector,\nincluding a query indicated when was the last time that data type was received in the workspace.", + "properties": { + "name": { + "type": "string", + "description": "Gets or sets the name of the data type to show in the graph." + }, + "lastDataReceivedQuery": { + "type": "string", + "description": "Gets or sets the query to indicate when relevant data was last received in the workspace." + } + }, + "required": [ + "name", + "lastDataReceivedQuery" + ] + }, + "ConnectorDefinitionsAvailability": { + "type": "object", + "description": "The exposure status of the connector to the customers.", + "properties": { + "status": { + "type": "integer", + "format": "int32", + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." + }, + "isPreview": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the connector is preview." + } + } + }, + "ConnectorDefinitionsPermissions": { + "type": "object", + "description": "The required Permissions for the connector.", + "properties": { + "tenant": { + "type": "array", + "description": "Gets or sets the required tenant permissions for the connector.", + "items": { + "type": "string" + } + }, + "licenses": { + "type": "array", + "description": "Gets or sets the required licenses for the user to create connections.", + "items": { + "type": "string" + } + }, + "resourceProvider": { + "type": "array", + "description": "Gets or sets the resource provider permissions required for the user to create connections.", + "items": { + "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" + }, + "x-ms-identifiers": [] + }, + "customs": { + "type": "array", + "description": "Gets or sets the customs permissions required for the user to create connections.", + "items": { + "$ref": "#/definitions/CustomPermissionDetails" + }, + "x-ms-identifiers": [] + } + } + }, + "ConnectorDefinitionsResourceProvider": { + "type": "object", + "description": "The resource provider details include the required permissions for the user to create connections.\nThe user should have the required permissions(Read\\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.", + "properties": { + "provider": { + "type": "string", + "description": "Gets or sets the provider name." + }, + "permissionsDisplayText": { + "type": "string", + "description": "Gets or sets the permissions description text." + }, + "providerDisplayName": { + "type": "string", + "description": "Gets or sets the permissions provider display name." + }, + "scope": { + "$ref": "#/definitions/ProviderPermissionsScope", + "description": "The scope on which the user should have permissions, in order to be able to create connections." + }, + "requiredPermissions": { + "$ref": "#/definitions/ResourceProviderRequiredPermissions", + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\nFor more information about the permissions see here." + } + }, + "required": [ + "provider", + "permissionsDisplayText", + "providerDisplayName", + "scope", + "requiredPermissions" + ] + }, + "ConnectorInstructionModelBase": { + "type": "object", + "description": "Instruction step details", + "properties": { + "parameters": { + "description": "The parameters for the setting" + }, + "type": { + "$ref": "#/definitions/SettingType", + "description": "The kind of the setting" + } + }, + "required": [ + "type" + ] + }, + "ContentType": { + "type": "string", + "description": "The content type of a source control path.", + "enum": [ + "AnalyticsRule", + "AutomationRule", + "HuntingQuery", + "Parser", + "Playbook", + "Workbook" + ], + "x-ms-enum": { + "name": "ContentType", + "modelAsString": true, + "values": [ + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + } + ] + } + }, + "CountQuery": { + "type": "object", + "description": "Represents a query to run on the TI objects in the workspace.", + "properties": { + "properties": { + "$ref": "#/definitions/QueryProperties", + "description": "Query properties", + "x-ms-client-flatten": true + } + } + }, + "CreatedByType": { + "type": "string", + "description": "The type of identity that created the resource.", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ], + "x-ms-enum": { + "name": "CreatedByType", + "modelAsString": true, + "values": [ + { + "name": "User", + "value": "User", + "description": "User" + }, + { + "name": "Application", + "value": "Application", + "description": "Application" + }, + { + "name": "ManagedIdentity", + "value": "ManagedIdentity", + "description": "ManagedIdentity" + }, + { + "name": "Key", + "value": "Key", + "description": "Key" + } + ] + } + }, + "CustomEntityQuery": { + "type": "object", + "description": "Specific entity query that supports put requests.", + "properties": { + "kind": { + "$ref": "#/definitions/CustomEntityQueryKind", + "description": "the entity query kind" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ] + }, + "CustomEntityQueryKind": { + "type": "string", + "description": "The kind of the entity query that supports put request.", + "enum": [ + "Activity" + ], + "x-ms-enum": { + "name": "CustomEntityQueryKind", + "modelAsString": true, + "values": [ + { + "name": "Activity", + "value": "Activity", + "description": "Activity" + } + ] + } + }, + "CustomPermissionDetails": { + "type": "object", + "description": "The Custom permissions required for the connector.", + "properties": { + "name": { + "type": "string", + "description": "Gets or sets the custom permissions name." + }, + "description": { + "type": "string", + "description": "Gets or sets the custom permissions description." + } + }, + "required": [ + "name", + "description" + ] + }, + "CustomizableConnectionsConfig": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "templateSpecName": { + "type": "string", + "description": "Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates." + }, + "templateSpecVersion": { + "type": "string", + "description": "Gets or sets the template version." + } + }, + "required": [ + "templateSpecName", + "templateSpecVersion" + ] + }, + "CustomizableConnectorDefinition": { + "type": "object", + "description": "Connector definition for kind 'Customizable'.", + "properties": { + "properties": { + "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", + "description": "Customizable properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDefinition" + } + ], + "x-ms-discriminator-value": "Customizable" + }, + "CustomizableConnectorDefinitionProperties": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format." + }, + "connectorUiConfig": { + "$ref": "#/definitions/CustomizableConnectorUiConfig", + "description": "The UiConfig for 'Customizable' connector definition kind." + }, + "connectionsConfig": { + "$ref": "#/definitions/CustomizableConnectionsConfig", + "description": "The UiConfig for 'Customizable' connector definition kind." + } + }, + "required": [ + "connectorUiConfig" + ] + }, + "CustomizableConnectorUiConfig": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "id": { + "type": "string", + "description": "Gets or sets custom connector id. optional field." + }, + "title": { + "type": "string", + "description": "Gets or sets the connector blade title." + }, + "publisher": { + "type": "string", + "description": "Gets or sets the connector publisher name." + }, + "descriptionMarkdown": { + "type": "string", + "description": "Gets or sets the connector description in markdown format." + }, + "graphQueries": { + "type": "array", + "description": "Gets or sets the graph queries to show the current data volume over time.", + "items": { + "$ref": "#/definitions/GraphQuery" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "type": "array", + "description": "Gets or sets the data types to check for last data received.", + "items": { + "$ref": "#/definitions/ConnectorDataType" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + "type": "array", + "description": "Gets or sets the way the connector checks whether the connector is connected.", + "items": { + "$ref": "#/definitions/ConnectivityCriterion" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/ConnectorDefinitionsAvailability", + "description": "The exposure status of the connector to the customers." + }, + "permissions": { + "$ref": "#/definitions/ConnectorDefinitionsPermissions", + "description": "The required Permissions for the connector." + }, + "instructionSteps": { + "type": "array", + "description": "Gets or sets the instruction steps to enable the connector.", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + }, + "logo": { + "type": "string", + "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\nThe logo value should be in SVG format." + }, + "isConnectivityCriteriasMatchSome": { + "type": "boolean", + "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items." + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueries", + "dataTypes", + "connectivityCriteria", + "permissions", + "instructionSteps" + ] + }, + "Customs": { + "type": "object", + "description": "Customs permissions required for the connector", + "allOf": [ + { + "$ref": "#/definitions/CustomsPermission" + } + ] + }, + "CustomsPermission": { + "type": "object", + "description": "Customs permissions required for the connector", + "properties": { + "name": { + "type": "string", + "description": "Customs permissions name" + }, + "description": { + "type": "string", + "description": "Customs permissions description" + } + } + }, + "DCRConfiguration": { + "type": "object", + "description": "The configuration of the destination of the data.", + "properties": { + "dataCollectionEndpoint": { + "type": "string", + "description": "Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "streamName": { + "type": "string", + "description": "The stream we are sending the data to." + } + }, + "required": [ + "dataCollectionEndpoint", + "dataCollectionRuleImmutableId", + "streamName" + ] + }, + "DataConnector": { + "type": "object", + "description": "Data connector", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "DataConnectorAuthorizationState": { + "type": "string", + "description": "Describes the state of user's authorization for a connector kind.", + "enum": [ + "Valid", + "Invalid" + ], + "x-ms-enum": { + "name": "DataConnectorAuthorizationState", + "modelAsString": true, + "values": [ + { + "name": "Valid", + "value": "Valid", + "description": "Valid" + }, + { + "name": "Invalid", + "value": "Invalid", + "description": "Invalid" + } + ] + } + }, + "DataConnectorConnectBody": { + "type": "object", + "description": "Represents Codeless API Polling data connector.", + "properties": { + "kind": { + "$ref": "#/definitions/ConnectAuthKind", + "description": "The authentication kind used to poll the data" + }, + "apiKey": { + "type": "string", + "format": "password", + "description": "The API key of the audit server.", + "x-ms-secret": true + }, + "dataCollectionEndpoint": { + "type": "string", + "description": "Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "outputStream": { + "type": "string", + "description": "Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR." + }, + "clientSecret": { + "type": "string", + "description": "The client secret of the OAuth 2.0 application." + }, + "clientId": { + "type": "string", + "description": "The client id of the OAuth 2.0 application." + }, + "authorizationCode": { + "type": "string", + "description": "The authorization code used in OAuth 2.0 code flow to issue a token." + }, + "userName": { + "type": "string", + "description": "The user name in the audit log server." + }, + "password": { + "type": "string", + "format": "password", + "description": "The user password in the audit log server.", + "x-ms-secret": true + }, + "requestConfigUserInputValues": { + "type": "array", + "items": {} + } + } + }, + "DataConnectorDataTypeCommon": { + "type": "object", + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "$ref": "#/definitions/DataTypeState", + "description": "Describe whether this data type connection is enabled or not." + } + }, + "required": [ + "state" + ] + }, + "DataConnectorDefinition": { + "type": "object", + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\nand the info required to define data connections.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorDefinitionKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "DataConnectorDefinitionArmCollectionWrapper": { + "type": "object", + "description": "Encapsulate the data connector definition object", + "properties": { + "value": { + "type": "array", + "description": "The DataConnectorDefinition items on this page", + "items": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "DataConnectorDefinitionKind": { + "type": "string", + "description": "The kind of the data connector definitions", + "enum": [ + "Customizable" + ], + "x-ms-enum": { + "name": "DataConnectorDefinitionKind", + "modelAsString": true, + "values": [ + { + "name": "Customizable", + "value": "Customizable", + "description": "Customizable" + } + ] + } + }, + "DataConnectorKind": { + "type": "string", + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "Office365", + "OfficeATP", + "OfficeIRM", + "Office365Project", + "MicrosoftPurviewInformationProtection", + "OfficePowerBI", + "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "Dynamics365", + "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", + "PremiumMicrosoftDefenderForThreatIntelligence", + "GenericUI", + "APIPolling", + "IOT", + "GCP", + "RestApiPoller", + "PurviewAudit" + ], + "x-ms-enum": { + "name": "DataConnectorKind", + "modelAsString": true, + "values": [ + { + "name": "AzureActiveDirectory", + "value": "AzureActiveDirectory", + "description": "AzureActiveDirectory" + }, + { + "name": "AzureSecurityCenter", + "value": "AzureSecurityCenter", + "description": "AzureSecurityCenter" + }, + { + "name": "MicrosoftCloudAppSecurity", + "value": "MicrosoftCloudAppSecurity", + "description": "MicrosoftCloudAppSecurity" + }, + { + "name": "ThreatIntelligence", + "value": "ThreatIntelligence", + "description": "ThreatIntelligence" + }, + { + "name": "ThreatIntelligenceTaxii", + "value": "ThreatIntelligenceTaxii", + "description": "ThreatIntelligenceTaxii" + }, + { + "name": "Office365", + "value": "Office365", + "description": "Office365" + }, + { + "name": "OfficeATP", + "value": "OfficeATP", + "description": "OfficeATP" + }, + { + "name": "OfficeIRM", + "value": "OfficeIRM", + "description": "OfficeIRM" + }, + { + "name": "Office365Project", + "value": "Office365Project", + "description": "Office365Project" + }, + { + "name": "MicrosoftPurviewInformationProtection", + "value": "MicrosoftPurviewInformationProtection", + "description": "MicrosoftPurviewInformationProtection" + }, + { + "name": "OfficePowerBI", + "value": "OfficePowerBI", + "description": "OfficePowerBI" + }, + { + "name": "AmazonWebServicesCloudTrail", + "value": "AmazonWebServicesCloudTrail", + "description": "AmazonWebServicesCloudTrail" + }, + { + "name": "AmazonWebServicesS3", + "value": "AmazonWebServicesS3", + "description": "AmazonWebServicesS3" + }, + { + "name": "AzureAdvancedThreatProtection", + "value": "AzureAdvancedThreatProtection", + "description": "AzureAdvancedThreatProtection" + }, + { + "name": "MicrosoftDefenderAdvancedThreatProtection", + "value": "MicrosoftDefenderAdvancedThreatProtection", + "description": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "name": "Dynamics365", + "value": "Dynamics365", + "description": "Dynamics365" + }, + { + "name": "MicrosoftThreatProtection", + "value": "MicrosoftThreatProtection", + "description": "MicrosoftThreatProtection" + }, + { + "name": "MicrosoftThreatIntelligence", + "value": "MicrosoftThreatIntelligence", + "description": "MicrosoftThreatIntelligence" + }, + { + "name": "PremiumMicrosoftDefenderForThreatIntelligence", + "value": "PremiumMicrosoftDefenderForThreatIntelligence", + "description": "PremiumMicrosoftDefenderForThreatIntelligence" + }, + { + "name": "GenericUI", + "value": "GenericUI", + "description": "GenericUI" + }, + { + "name": "APIPolling", + "value": "APIPolling", + "description": "APIPolling" + }, + { + "name": "IOT", + "value": "IOT", + "description": "IOT" + }, + { + "name": "GCP", + "value": "GCP", + "description": "GCP" + }, + { + "name": "RestApiPoller", + "value": "RestApiPoller", + "description": "RestApiPoller" + }, + { + "name": "PurviewAudit", + "value": "PurviewAudit", + "description": "PurviewAudit" + } + ] + } + }, + "DataConnectorLicenseState": { + "type": "string", + "description": "Describes the state of user's license for a connector kind.", + "enum": [ + "Valid", + "Invalid", + "Unknown" + ], + "x-ms-enum": { + "name": "DataConnectorLicenseState", + "modelAsString": true, + "values": [ + { + "name": "Valid", + "value": "Valid", + "description": "Valid" + }, + { + "name": "Invalid", + "value": "Invalid", + "description": "Invalid" + }, + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + } + ] + } + }, + "DataConnectorList": { + "type": "object", + "description": "List all the data connectors.", + "properties": { + "value": { + "type": "array", + "description": "The DataConnector items on this page", + "items": { + "$ref": "#/definitions/DataConnector" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "DataConnectorRequirementsState": { + "type": "object", + "description": "Data connector requirements status.", + "properties": { + "authorizationState": { + "$ref": "#/definitions/DataConnectorAuthorizationState", + "description": "Authorization state for this connector" + }, + "licenseState": { + "$ref": "#/definitions/DataConnectorLicenseState", + "description": "License state for this connector" + } + } + }, + "DataConnectorTenantId": { + "type": "object", + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "required": [ + "tenantId" + ] + }, + "DataConnectorWithAlertsProperties": { + "type": "object", + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + } + }, + "DataConnectorsCheckRequirements": { + "type": "object", + "description": "Data connector requirements properties.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Describes the kind of connector to be checked." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ] + }, + "DataTypeDefinitions": { + "type": "object", + "description": "The data type definition", + "properties": { + "dataType": { + "type": "string", + "description": "The data type name" + } + } + }, + "DataTypeState": { + "type": "string", + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "x-ms-enum": { + "name": "DataTypeState", + "modelAsString": true, + "values": [ + { + "name": "Enabled", + "value": "Enabled", + "description": "Enabled" + }, + { + "name": "Disabled", + "value": "Disabled", + "description": "Disabled" + } + ] + } + }, + "DeleteStatus": { + "type": "string", + "description": "Indicates whether the file was deleted from the storage account.", + "enum": [ + "Deleted", + "NotDeleted", + "Unspecified" + ], + "x-ms-enum": { + "name": "DeleteStatus", + "modelAsString": true, + "values": [ + { + "name": "Deleted", + "value": "Deleted", + "description": "The file was deleted." + }, + { + "name": "NotDeleted", + "value": "NotDeleted", + "description": "The file was not deleted." + }, + { + "name": "Unspecified", + "value": "Unspecified", + "description": "Unspecified" + } + ] + } + }, + "DeliveryAction": { + "type": "string", + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "x-ms-enum": { + "name": "DeliveryAction", + "modelAsString": false, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "DeliveredAsSpam", + "value": "DeliveredAsSpam", + "description": "DeliveredAsSpam" + }, + { + "name": "Delivered", + "value": "Delivered", + "description": "Delivered" + }, + { + "name": "Blocked", + "value": "Blocked", + "description": "Blocked" + }, + { + "name": "Replaced", + "value": "Replaced", + "description": "Replaced" + } + ] + } + }, + "DeliveryLocation": { + "type": "string", + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "x-ms-enum": { + "name": "DeliveryLocation", + "modelAsString": false, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Inbox", + "value": "Inbox", + "description": "Inbox" + }, + { + "name": "JunkFolder", + "value": "JunkFolder", + "description": "JunkFolder" + }, + { + "name": "DeletedFolder", + "value": "DeletedFolder", + "description": "DeletedFolder" + }, + { + "name": "Quarantine", + "value": "Quarantine", + "description": "Quarantine" + }, + { + "name": "External", + "value": "External", + "description": "External" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "Dropped", + "value": "Dropped", + "description": "Dropped" + }, + { + "name": "Forwarded", + "value": "Forwarded", + "description": "Forwarded" + } + ] + } + }, + "Deployment": { + "type": "object", + "description": "Description about a deployment.", + "properties": { + "deploymentId": { + "type": "string", + "description": "Deployment identifier." + }, + "deploymentState": { + "$ref": "#/definitions/DeploymentState", + "description": "Current status of the deployment." + }, + "deploymentResult": { + "$ref": "#/definitions/DeploymentResult", + "description": "The outcome of the deployment." + }, + "deploymentTime": { + "type": "string", + "format": "date-time", + "description": "The time when the deployment finished." + }, + "deploymentLogsUrl": { + "type": "string", + "description": "Url to access repository action logs." + } + } + }, + "DeploymentFetchStatus": { + "type": "string", + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Unauthorized", + "NotFound" + ], + "x-ms-enum": { + "name": "DeploymentFetchStatus", + "modelAsString": true, + "values": [ + { + "name": "Success", + "value": "Success", + "description": "Success" + }, + { + "name": "Unauthorized", + "value": "Unauthorized", + "description": "Unauthorized" + }, + { + "name": "NotFound", + "value": "NotFound", + "description": "NotFound" + } + ] + } + }, + "DeploymentInfo": { + "type": "object", + "description": "Information regarding a deployment.", + "properties": { + "deploymentFetchStatus": { + "$ref": "#/definitions/DeploymentFetchStatus", + "description": "Status while fetching the last deployment." + }, + "deployment": { + "$ref": "#/definitions/Deployment", + "description": "Deployment information." + }, + "message": { + "type": "string", + "description": "Additional details about the deployment that can be shown to the user." + } + } + }, + "DeploymentResult": { + "type": "string", + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Canceled", + "Failed" + ], + "x-ms-enum": { + "name": "DeploymentResult", + "modelAsString": true, + "values": [ + { + "name": "Success", + "value": "Success", + "description": "Success" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, + "DeploymentState": { + "type": "string", + "description": "The current state of the deployment.", + "enum": [ + "In_Progress", + "Completed", + "Queued", + "Canceling" + ], + "x-ms-enum": { + "name": "DeploymentState", + "modelAsString": true, + "values": [ + { + "name": "In_Progress", + "value": "In_Progress", + "description": "In_Progress" + }, + { + "name": "Completed", + "value": "Completed", + "description": "Completed" + }, + { + "name": "Queued", + "value": "Queued", + "description": "Queued" + }, + { + "name": "Canceling", + "value": "Canceling", + "description": "Canceling" + } + ] + } + }, + "DeviceImportance": { + "type": "string", + "description": "Device importance, determines if the device classified as 'crown jewel'", + "enum": [ + "Unknown", + "Low", + "Normal", + "High" + ], + "x-ms-enum": { + "name": "DeviceImportance", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown - Default value" + }, + { + "name": "Low", + "value": "Low", + "description": "Low" + }, + { + "name": "Normal", + "value": "Normal", + "description": "Normal" + }, + { + "name": "High", + "value": "High", + "description": "High" + } + ] + } + }, + "DnsEntity": { + "type": "object", + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "type": "object", + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "type": "string", + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true + }, + "domainName": { + "type": "string", + "description": "The name of the dns record associated with the alert", + "readOnly": true + }, + "hostIpAddressEntityId": { + "type": "string", + "description": "An ip entity id for the dns request client", + "readOnly": true + }, + "ipAddressEntityIds": { + "type": "array", + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "Dynamics365CheckRequirements": { + "type": "object", + "description": "Represents Dynamics365 requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365CheckRequirementsProperties", + "description": "Dynamics365 requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365CheckRequirementsProperties": { + "type": "object", + "description": "Dynamics365 requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "Dynamics365DataConnector": { + "type": "object", + "description": "Represents Dynamics365 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365DataConnectorProperties", + "description": "Dynamics365 data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365DataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Dynamics365 data connector.", + "properties": { + "dynamics365CdsActivities": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + "description": "Common Data Service data type connection." + } + }, + "required": [ + "dynamics365CdsActivities" + ] + }, + "Dynamics365DataConnectorDataTypesDynamics365CdsActivities": { + "type": "object", + "description": "Common Data Service data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "Dynamics365DataConnectorProperties": { + "type": "object", + "description": "Dynamics365 data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "ElevationToken": { + "type": "string", + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "x-ms-enum": { + "name": "ElevationToken", + "modelAsString": false, + "values": [ + { + "name": "Default", + "value": "Default", + "description": "Default elevation token" + }, + { + "name": "Full", + "value": "Full", + "description": "Full elevation token" + }, + { + "name": "Limited", + "value": "Limited", + "description": "Limited elevation token" + } + ] + } + }, + "EnrichmentDomainBody": { + "type": "object", + "description": "Domain name to be enriched", + "properties": { + "domain": { + "type": "string", + "description": "The domain name" + } + } + }, + "EnrichmentDomainWhois": { + "type": "object", + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "type": "string", + "description": "The domain for this whois record" + }, + "server": { + "type": "string", + "description": "The hostname of this registrar's whois server" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The timestamp at which this record was created" + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The timestamp at which this record was last updated" + }, + "expires": { + "type": "string", + "format": "date-time", + "description": "The timestamp at which this record will expire" + }, + "parsedWhois": { + "$ref": "#/definitions/EnrichmentDomainWhoisDetails", + "description": "The whois record for a given domain" + } + } + }, + "EnrichmentDomainWhoisContact": { + "type": "object", + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "type": "string", + "description": "The name of this contact" + }, + "org": { + "type": "string", + "description": "The organization for this contact" + }, + "street": { + "type": "array", + "description": "A list describing the street address for this contact", + "items": { + "type": "string" + } + }, + "city": { + "type": "string", + "description": "The city for this contact" + }, + "state": { + "type": "string", + "description": "The state for this contact" + }, + "postal": { + "type": "string", + "description": "The postal code for this contact" + }, + "country": { + "type": "string", + "description": "The country for this contact" + }, + "phone": { + "type": "string", + "description": "The phone number for this contact" + }, + "fax": { + "type": "string", + "description": "The fax number for this contact" + }, + "email": { + "type": "string", + "description": "The email address for this contact" + } + } + }, + "EnrichmentDomainWhoisContacts": { + "type": "object", + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "$ref": "#/definitions/EnrichmentDomainWhoisContact", + "description": "The admin contact for this whois record" + }, + "billing": { + "$ref": "#/definitions/EnrichmentDomainWhoisContact", + "description": "The billing contact for this whois record" + }, + "registrant": { + "$ref": "#/definitions/EnrichmentDomainWhoisContact", + "description": "The registrant contact for this whois record" + }, + "tech": { + "$ref": "#/definitions/EnrichmentDomainWhoisContact", + "description": "The technical contact for this whois record" + } + } + }, + "EnrichmentDomainWhoisDetails": { + "type": "object", + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails", + "description": "The registrar associated with this domain" + }, + "contacts": { + "$ref": "#/definitions/EnrichmentDomainWhoisContacts", + "description": "The set of contacts associated with this domain" + }, + "nameServers": { + "type": "array", + "description": "A list of name servers associated with this domain", + "items": { + "type": "string" + } + }, + "statuses": { + "type": "array", + "description": "The set of status flags for this whois record", + "items": { + "type": "string" + } + } + } + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "type": "object", + "description": "The registrar associated with this domain", + "properties": { + "name": { + "type": "string", + "description": "The name of this registrar" + }, + "abuseContactEmail": { + "type": "string", + "description": "This registrar's abuse contact email" + }, + "abuseContactPhone": { + "type": "string", + "description": "This registrar's abuse contact phone number" + }, + "ianaId": { + "type": "string", + "description": "This registrar's Internet Assigned Numbers Authority id" + }, + "url": { + "type": "string", + "description": "This registrar's URL" + }, + "whoisServer": { + "type": "string", + "description": "The hostname of this registrar's whois server" + } + } + }, + "EnrichmentIpAddressBody": { + "type": "object", + "description": "IP address (v4 or v6) to be enriched", + "properties": { + "ipAddress": { + "type": "string", + "description": "The dotted-decimal or colon-separated string representation of the IP address" + } + } + }, + "EnrichmentIpGeodata": { + "type": "object", + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "type": "string", + "description": "The autonomous system number associated with this IP address" + }, + "carrier": { + "type": "string", + "description": "The name of the carrier for this IP address" + }, + "city": { + "type": "string", + "description": "The city this IP address is located in" + }, + "cityConfidenceFactor": { + "type": "integer", + "format": "int32", + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "minimum": 0, + "maximum": 100 + }, + "continent": { + "type": "string", + "description": "The continent this IP address is located on" + }, + "country": { + "type": "string", + "description": "The county this IP address is located in" + }, + "countryConfidenceFactor": { + "type": "integer", + "format": "int32", + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "minimum": 0, + "maximum": 100 + }, + "ipAddr": { + "type": "string", + "description": "The dotted-decimal or colon-separated string representation of the IP address" + }, + "ipRoutingType": { + "type": "string", + "description": "A description of the connection type of this IP address" + }, + "latitude": { + "type": "string", + "description": "The latitude of this IP address" + }, + "longitude": { + "type": "string", + "description": "The longitude of this IP address" + }, + "organization": { + "type": "string", + "description": "The name of the organization for this IP address" + }, + "organizationType": { + "type": "string", + "description": "The type of the organization for this IP address" + }, + "region": { + "type": "string", + "description": "The geographic region this IP address is located in" + }, + "state": { + "type": "string", + "description": "The state this IP address is located in" + }, + "stateConfidenceFactor": { + "type": "integer", + "format": "int32", + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "minimum": 0, + "maximum": 100 + }, + "stateCode": { + "type": "string", + "description": "The abbreviated name for the state this IP address is located in" + } + } + }, + "EnrichmentType": { + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "EnrichmentType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + "Entity": { + "type": "object", + "description": "Specific entity.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityKindEnum", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "EntityAnalytics": { + "type": "object", + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "type": "object", + "description": "EntityAnalytics property bag.", + "properties": { + "entityProviders": { + "type": "array", + "description": "The relevant entity providers that are synced", + "items": { + "$ref": "#/definitions/EntityProviders" + } + } + } + }, + "EntityCommonProperties": { + "type": "object", + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "type": "object", + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "additionalProperties": {}, + "readOnly": true + }, + "friendlyName": { + "type": "string", + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true + } + } + }, + "EntityEdges": { + "type": "object", + "description": "The edge that connects the entity to the other entity.", + "properties": { + "targetEntityId": { + "type": "string", + "description": "The target entity Id." + }, + "additionalData": { + "type": "object", + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "additionalProperties": {} + } + } + }, + "EntityExpandParameters": { + "type": "object", + "description": "The parameters required to execute an expand operation on the given entity.", + "properties": { + "endTime": { + "type": "string", + "format": "date-time", + "description": "The end date filter, so the only expansion results returned are before this date." + }, + "expansionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The Id of the expansion to perform." + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The start date filter, so the only expansion results returned are after this date." + } + } + }, + "EntityExpandResponse": { + "type": "object", + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "$ref": "#/definitions/EntityExpandResponseValue", + "description": "The expansion result values." + } + } + }, + "EntityExpandResponseValue": { + "type": "object", + "description": "The expansion result values.", + "properties": { + "entities": { + "type": "array", + "description": "Array of the expansion result entities.", + "items": { + "$ref": "#/definitions/Entity" + }, + "x-ms-identifiers": [] + }, + "edges": { + "type": "array", + "description": "Array of edges that connects the entity to the list of entities.", + "items": { + "$ref": "#/definitions/EntityEdges" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityFieldMapping": { + "type": "object", + "description": "Map identifiers of a single entity", + "properties": { + "identifier": { + "type": "string", + "description": "Alert V3 identifier" + }, + "value": { + "type": "string", + "description": "The value of the identifier" + } + } + }, + "EntityGetInsightsParameters": { + "type": "object", + "description": "The parameters required to execute insights operation on the given entity.", + "properties": { + "startTime": { + "type": "string", + "format": "date-time", + "description": "The start timeline date, so the results returned are after this date." + }, + "endTime": { + "type": "string", + "format": "date-time", + "description": "The end timeline date, so the results returned are before this date." + }, + "addDefaultExtendedTimeRange": { + "type": "boolean", + "description": "Indicates if query time range should be extended with default time range of the query. Default value is false" + }, + "insightQueryIds": { + "type": "array", + "description": "List of Insights Query Id. If empty, default value is all insights of this entity", + "items": { + "$ref": "#/definitions/Azure.Core.uuid" + } + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityGetInsightsResponse": { + "type": "object", + "description": "The Get Insights result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/GetInsightsResultsMetadata", + "description": "The metadata from the get insights operation results." + }, + "value": { + "type": "array", + "description": "The insights result values.", + "items": { + "$ref": "#/definitions/EntityInsightItem" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityInsightItem": { + "type": "object", + "description": "Entity insight Item.", + "properties": { + "queryId": { + "type": "string", + "description": "The query id of the insight" + }, + "queryTimeInterval": { + "$ref": "#/definitions/EntityInsightItemQueryTimeInterval", + "description": "The Time interval that the query actually executed on." + }, + "tableQueryResults": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "chartQueryResults": { + "type": "array", + "description": "Query results for table insights query.", + "items": { + "$ref": "#/definitions/InsightsTableResult" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityInsightItemQueryTimeInterval": { + "type": "object", + "description": "The Time interval that the query actually executed on.", + "properties": { + "startTime": { + "type": "string", + "format": "date-time", + "description": "Insight query start time" + }, + "endTime": { + "type": "string", + "format": "date-time", + "description": "Insight query end time" + } + } + }, + "EntityItemQueryKind": { + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "name": "EntityItemQueryKind", + "modelAsString": true, + "values": [ + { + "name": "Insight", + "value": "Insight", + "description": "insight" + } + ] + } + }, + "EntityKindEnum": { + "type": "string", + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail", + "Nic" + ], + "x-ms-enum": { + "name": "EntityKindEnum", + "modelAsString": true, + "values": [ + { + "name": "Account", + "value": "Account", + "description": "Entity represents account in the system." + }, + { + "name": "Host", + "value": "Host", + "description": "Entity represents host in the system." + }, + { + "name": "File", + "value": "File", + "description": "Entity represents file in the system." + }, + { + "name": "AzureResource", + "value": "AzureResource", + "description": "Entity represents azure resource in the system." + }, + { + "name": "CloudApplication", + "value": "CloudApplication", + "description": "Entity represents cloud application in the system." + }, + { + "name": "DnsResolution", + "value": "DnsResolution", + "description": "Entity represents dns resolution in the system." + }, + { + "name": "FileHash", + "value": "FileHash", + "description": "Entity represents file hash in the system." + }, + { + "name": "Ip", + "value": "Ip", + "description": "Entity represents ip in the system." + }, + { + "name": "Malware", + "value": "Malware", + "description": "Entity represents malware in the system." + }, + { + "name": "Process", + "value": "Process", + "description": "Entity represents process in the system." + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "Entity represents registry key in the system." + }, + { + "name": "RegistryValue", + "value": "RegistryValue", + "description": "Entity represents registry value in the system." + }, + { + "name": "SecurityGroup", + "value": "SecurityGroup", + "description": "Entity represents security group in the system." + }, + { + "name": "Url", + "value": "Url", + "description": "Entity represents url in the system." + }, + { + "name": "IoTDevice", + "value": "IoTDevice", + "description": "Entity represents IoT device in the system." + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "Entity represents security alert in the system." + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "Entity represents bookmark in the system." + }, + { + "name": "MailCluster", + "value": "MailCluster", + "description": "Entity represents mail cluster in the system." + }, + { + "name": "MailMessage", + "value": "MailMessage", + "description": "Entity represents mail message in the system." + }, + { + "name": "Mailbox", + "value": "Mailbox", + "description": "Entity represents mailbox in the system." + }, + { + "name": "SubmissionMail", + "value": "SubmissionMail", + "description": "Entity represents submission mail in the system." + }, + { + "name": "Nic", + "value": "Nic", + "description": "Entity represents network interface in the system." + } + ] + } + }, + "EntityList": { + "type": "object", + "description": "List of all the entities.", + "properties": { + "value": { + "type": "array", + "description": "The Entity items on this page", + "items": { + "$ref": "#/definitions/Entity" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "EntityManualTriggerRequestBody": { + "type": "object", + "description": "Describes the request body for triggering a playbook on an entity.", + "properties": { + "incidentArmId": { + "type": "string", + "format": "arm-id", + "description": "Incident ARM id.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "scopes": [ + "Extension" + ], + "type": "Microsoft.SecurityInsights/incidents" + } + ] + } + }, + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The tenant id of the playbook resource." + }, + "logicAppsResourceId": { + "type": "string", + "format": "arm-id", + "description": "The resource id of the playbook resource.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + } + }, + "required": [ + "logicAppsResourceId" + ] + }, + "EntityMapping": { + "type": "object", + "description": "Single entity mapping for the alert rule", + "properties": { + "entityType": { + "$ref": "#/definitions/EntityMappingType", + "description": "The V3 type of the mapped entity" + }, + "fieldMappings": { + "type": "array", + "description": "array of field mappings for the given entity mapping", + "items": { + "$ref": "#/definitions/FieldMapping" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityMappingType": { + "type": "string", + "description": "The V3 type of the mapped entity", + "enum": [ + "Account", + "Host", + "IP", + "Malware", + "File", + "Process", + "CloudApplication", + "DNS", + "AzureResource", + "FileHash", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "x-ms-enum": { + "name": "EntityMappingType", + "modelAsString": true, + "values": [ + { + "name": "Account", + "value": "Account", + "description": "User account entity type" + }, + { + "name": "Host", + "value": "Host", + "description": "Host entity type" + }, + { + "name": "IP", + "value": "IP", + "description": "IP address entity type" + }, + { + "name": "Malware", + "value": "Malware", + "description": "Malware entity type" + }, + { + "name": "File", + "value": "File", + "description": "System file entity type" + }, + { + "name": "Process", + "value": "Process", + "description": "Process entity type" + }, + { + "name": "CloudApplication", + "value": "CloudApplication", + "description": "Cloud app entity type" + }, + { + "name": "DNS", + "value": "DNS", + "description": "DNS entity type" + }, + { + "name": "AzureResource", + "value": "AzureResource", + "description": "Azure resource entity type" + }, + { + "name": "FileHash", + "value": "FileHash", + "description": "File-hash entity type" + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "Registry key entity type" + }, + { + "name": "RegistryValue", + "value": "RegistryValue", + "description": "Registry value entity type" + }, + { + "name": "SecurityGroup", + "value": "SecurityGroup", + "description": "Security group entity type" + }, + { + "name": "URL", + "value": "URL", + "description": "URL entity type" + }, + { + "name": "Mailbox", + "value": "Mailbox", + "description": "Mailbox entity type" + }, + { + "name": "MailCluster", + "value": "MailCluster", + "description": "Mail cluster entity type" + }, + { + "name": "MailMessage", + "value": "MailMessage", + "description": "Mail message entity type" + }, + { + "name": "SubmissionMail", + "value": "SubmissionMail", + "description": "Submission mail entity type" + } + ] + } + }, + "EntityProviders": { + "type": "string", + "description": "The entity provider that is synced.", + "enum": [ + "ActiveDirectory", + "AzureActiveDirectory" + ], + "x-ms-enum": { + "name": "EntityProviders", + "modelAsString": true, + "values": [ + { + "name": "ActiveDirectory", + "value": "ActiveDirectory", + "description": "ActiveDirectory" + }, + { + "name": "AzureActiveDirectory", + "value": "AzureActiveDirectory", + "description": "AzureActiveDirectory" + } + ] + } + }, + "EntityQuery": { + "type": "object", + "description": "Specific entity query.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityQueryKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "EntityQueryItem": { + "type": "object", + "description": "An abstract Query item for entity", + "properties": { + "id": { + "type": "string", + "description": "Query Template ARM ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Query Template ARM Name" + }, + "type": { + "type": "string", + "description": "ARM Type" + }, + "kind": { + "$ref": "#/definitions/EntityQueryKind", + "description": "The kind of the entity query" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ] + }, + "EntityQueryItemProperties": { + "type": "object", + "description": "An properties abstract Query item for entity", + "properties": { + "dataTypes": { + "type": "array", + "description": "Data types for template", + "items": { + "$ref": "#/definitions/EntityQueryItemPropertiesDataTypesItem" + }, + "x-ms-identifiers": [] + }, + "inputEntityType": { + "$ref": "#/definitions/EntityType", + "description": "The type of the entity" + }, + "requiredInputFieldsSets": { + "type": "array", + "description": "Data types for template", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters" + } + } + }, + "EntityQueryItemPropertiesDataTypesItem": { + "type": "object", + "properties": { + "dataType": { + "type": "string", + "description": "Data type name" + } + } + }, + "EntityQueryKind": { + "type": "string", + "description": "The kind of the entity query", + "enum": [ + "Expansion", + "Insight", + "Activity" + ], + "x-ms-enum": { + "name": "EntityQueryKind", + "modelAsString": true, + "values": [ + { + "name": "Expansion", + "value": "Expansion", + "description": "Expansion" + }, + { + "name": "Insight", + "value": "Insight", + "description": "Insight" + }, + { + "name": "Activity", + "value": "Activity", + "description": "Activity" + } + ] + } + }, + "EntityQueryList": { + "type": "object", + "description": "List of all the entity queries.", + "properties": { + "value": { + "type": "array", + "description": "The EntityQuery items on this page", + "items": { + "$ref": "#/definitions/EntityQuery" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "EntityQueryTemplate": { + "type": "object", + "description": "Specific entity query template.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityQueryTemplateKind", + "description": "The kind of the entity query template." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "EntityQueryTemplateKind": { + "type": "string", + "enum": [ + "Activity", + "Insight", + "SecurityAlert", + "Bookmark", + "Expansion", + "GuidedInsight", + "Anomaly" + ], + "x-ms-enum": { + "name": "EntityQueryTemplateKind", + "modelAsString": true, + "values": [ + { + "name": "Activity", + "value": "Activity", + "description": "Activity" + }, + { + "name": "Insight", + "value": "Insight", + "description": "Insight" + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "SecurityAlert" + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "Bookmark" + }, + { + "name": "Expansion", + "value": "Expansion", + "description": "Expansion" + }, + { + "name": "GuidedInsight", + "value": "GuidedInsight", + "description": "GuidedInsight" + }, + { + "name": "Anomaly", + "value": "Anomaly", + "description": "Anomaly" + } + ] + } + }, + "EntityQueryTemplateList": { + "type": "object", + "description": "List of all the entity query templates.", + "properties": { + "value": { + "type": "array", + "description": "The EntityQueryTemplate items on this page", + "items": { + "$ref": "#/definitions/EntityQueryTemplate" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "EntityResource": { + "type": "object", + "description": "Entity resource model", + "properties": { + "name": { + "type": "string", + "description": "The name of the EntityResource", + "readOnly": true + } + }, + "required": [ + "name" + ] + }, + "EntityTimelineItem": { + "type": "object", + "description": "Entity timeline Item.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "The entity query kind type." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ] + }, + "EntityTimelineKind": { + "type": "string", + "description": "The entity query kind", + "enum": [ + "Activity", + "Bookmark", + "SecurityAlert", + "Anomaly" + ], + "x-ms-enum": { + "name": "EntityTimelineKind", + "modelAsString": true, + "values": [ + { + "name": "Activity", + "value": "Activity", + "description": "activity" + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "bookmarks" + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "security alerts" + }, + { + "name": "Anomaly", + "value": "Anomaly", + "description": "anomaly" + } + ] + } + }, + "EntityTimelineParameters": { + "type": "object", + "description": "The parameters required to execute s timeline operation on the given entity.", + "properties": { + "kinds": { + "type": "array", + "description": "Array of timeline Item kinds.", + "items": { + "$ref": "#/definitions/EntityTimelineKind" + } + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The start timeline date, so the results returned are after this date." + }, + "endTime": { + "type": "string", + "format": "date-time", + "description": "The end timeline date, so the results returned are before this date." + }, + "numberOfBucket": { + "type": "integer", + "format": "int32", + "description": "The number of bucket for timeline queries aggregation." + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityTimelineResponse": { + "type": "object", + "description": "The entity timeline result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/TimelineResultsMetadata", + "description": "The metadata from the timeline operation results." + }, + "value": { + "type": "array", + "description": "The timeline result values.", + "items": { + "$ref": "#/definitions/EntityTimelineItem" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityType": { + "type": "string", + "description": "The type of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DNS", + "FileHash", + "IP", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "IoTDevice", + "SecurityAlert", + "HuntingBookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail", + "Nic" + ], + "x-ms-enum": { + "name": "EntityType", + "modelAsString": true, + "values": [ + { + "name": "Account", + "value": "Account", + "description": "Entity represents account in the system." + }, + { + "name": "Host", + "value": "Host", + "description": "Entity represents host in the system." + }, + { + "name": "File", + "value": "File", + "description": "Entity represents file in the system." + }, + { + "name": "AzureResource", + "value": "AzureResource", + "description": "Entity represents azure resource in the system." + }, + { + "name": "CloudApplication", + "value": "CloudApplication", + "description": "Entity represents cloud application in the system." + }, + { + "name": "DNS", + "value": "DNS", + "description": "Entity represents dns in the system." + }, + { + "name": "FileHash", + "value": "FileHash", + "description": "Entity represents file hash in the system." + }, + { + "name": "IP", + "value": "IP", + "description": "Entity represents ip in the system." + }, + { + "name": "Malware", + "value": "Malware", + "description": "Entity represents malware in the system." + }, + { + "name": "Process", + "value": "Process", + "description": "Entity represents process in the system." + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "Entity represents registry key in the system." + }, + { + "name": "RegistryValue", + "value": "RegistryValue", + "description": "Entity represents registry value in the system." + }, + { + "name": "SecurityGroup", + "value": "SecurityGroup", + "description": "Entity represents security group in the system." + }, + { + "name": "URL", + "value": "URL", + "description": "Entity represents url in the system." + }, + { + "name": "IoTDevice", + "value": "IoTDevice", + "description": "Entity represents IoT device in the system." + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "Entity represents security alert in the system." + }, + { + "name": "HuntingBookmark", + "value": "HuntingBookmark", + "description": "Entity represents HuntingBookmark in the system." + }, + { + "name": "MailCluster", + "value": "MailCluster", + "description": "Entity represents mail cluster in the system." + }, + { + "name": "MailMessage", + "value": "MailMessage", + "description": "Entity represents mail message in the system." + }, + { + "name": "Mailbox", + "value": "Mailbox", + "description": "Entity represents mailbox in the system." + }, + { + "name": "SubmissionMail", + "value": "SubmissionMail", + "description": "Entity represents submission mail in the system." + }, + { + "name": "Nic", + "value": "Nic", + "description": "Entity represents network interface in the system." + } + ] + } + }, + "EventGroupingAggregationKind": { + "type": "string", + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "x-ms-enum": { + "name": "EventGroupingAggregationKind", + "modelAsString": true, + "values": [ + { + "name": "SingleAlert", + "value": "SingleAlert", + "description": "SingleAlert" + }, + { + "name": "AlertPerResult", + "value": "AlertPerResult", + "description": "AlertPerResult" + } + ] + } + }, + "EventGroupingSettings": { + "type": "object", + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind", + "description": "The event grouping aggregation kinds" + } + } + }, + "ExpansionEntityQueriesProperties": { + "type": "object", + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "type": "array", + "description": "List of the data sources that are required to run the query", + "items": { + "type": "string" + } + }, + "displayName": { + "type": "string", + "description": "The query display name" + }, + "inputEntityType": { + "$ref": "#/definitions/EntityType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "type": "array", + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "type": "string" + } + }, + "outputEntityTypes": { + "type": "array", + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "#/definitions/EntityType" + } + }, + "queryTemplate": { + "type": "string", + "description": "The template query string to be parsed and formatted" + } + } + }, + "ExpansionEntityQuery": { + "type": "object", + "description": "Represents Expansion entity query.", + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "x-ms-discriminator-value": "Expansion" + }, + "ExpansionResultAggregation": { + "type": "object", + "description": "Information of a specific aggregation in the expansion result.", + "properties": { + "aggregationType": { + "type": "string", + "description": "The common type of the aggregation. (for e.g. entity field name)" + }, + "count": { + "type": "integer", + "format": "int32", + "description": "Total number of aggregations of the given kind (and aggregationType if given) in the expansion result." + }, + "displayName": { + "type": "string", + "description": "The display name of the aggregation by type." + }, + "entityKind": { + "$ref": "#/definitions/EntityKindEnum", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "count", + "entityKind" + ] + }, + "ExpansionResultsMetadata": { + "type": "object", + "description": "Expansion result metadata.", + "properties": { + "aggregations": { + "type": "array", + "description": "Information of the aggregated nodes in the expansion result.", + "items": { + "$ref": "#/definitions/ExpansionResultAggregation" + }, + "x-ms-identifiers": [] + } + } + }, + "EyesOn": { + "type": "object", + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "type": "object", + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true + } + } + }, + "FieldMapping": { + "type": "object", + "description": "A single field mapping of the mapped entity", + "properties": { + "identifier": { + "type": "string", + "description": "the V3 identifier of the entity" + }, + "columnName": { + "type": "string", + "description": "the column name to be mapped to the identifier" + } + } + }, + "FileEntity": { + "type": "object", + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "type": "object", + "description": "File entity property bag.", + "properties": { + "directory": { + "type": "string", + "description": "The full path to the file.", + "readOnly": true + }, + "fileHashEntityIds": { + "type": "array", + "description": "The file hash entity identifiers associated with this file", + "items": { + "type": "string" + }, + "readOnly": true + }, + "fileName": { + "type": "string", + "description": "The file name without path (some alerts might not include path).", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id which the file belongs to", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "FileFormat": { + "type": "string", + "description": "The format of the file", + "enum": [ + "CSV", + "JSON", + "Unspecified" + ], + "x-ms-enum": { + "name": "FileFormat", + "modelAsString": true, + "values": [ + { + "name": "CSV", + "value": "CSV", + "description": "A CSV file." + }, + { + "name": "JSON", + "value": "JSON", + "description": "A JSON file." + }, + { + "name": "Unspecified", + "value": "Unspecified", + "description": "A file of other format." + } + ] + } + }, + "FileHashAlgorithm": { + "type": "string", + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "x-ms-enum": { + "name": "FileHashAlgorithm", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown hash algorithm" + }, + { + "name": "MD5", + "value": "MD5", + "description": "MD5 hash type" + }, + { + "name": "SHA1", + "value": "SHA1", + "description": "SHA1 hash type" + }, + { + "name": "SHA256", + "value": "SHA256", + "description": "SHA256 hash type" + }, + { + "name": "SHA256AC", + "value": "SHA256AC", + "description": "SHA256 Authenticode hash type" + } + ] + } + }, + "FileHashEntity": { + "type": "object", + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "type": "object", + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "$ref": "#/definitions/FileHashAlgorithm", + "description": "The hash algorithm type.", + "readOnly": true + }, + "hashValue": { + "type": "string", + "description": "The file hash value.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "FileImport": { + "type": "object", + "description": "Represents a file import in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/FileImportProperties", + "description": "File import properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "FileImportContentType": { + "type": "string", + "description": "The content type of this file.", + "enum": [ + "BasicIndicator", + "StixIndicator", + "Unspecified" + ], + "x-ms-enum": { + "name": "FileImportContentType", + "modelAsString": true, + "values": [ + { + "name": "BasicIndicator", + "value": "BasicIndicator", + "description": "File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern." + }, + { + "name": "StixIndicator", + "value": "StixIndicator", + "description": "File containing STIX indicators." + }, + { + "name": "Unspecified", + "value": "Unspecified", + "description": "File containing other records." + } + ] + } + }, + "FileImportList": { + "type": "object", + "description": "List all the file imports.", + "properties": { + "value": { + "type": "array", + "description": "The FileImport items on this page", + "items": { + "$ref": "#/definitions/FileImport" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "FileImportProperties": { + "type": "object", + "description": "Describes the FileImport's properties", + "properties": { + "ingestionMode": { + "$ref": "#/definitions/IngestionMode", + "description": "Describes how to ingest the records in the file." + }, + "contentType": { + "$ref": "#/definitions/FileImportContentType", + "description": "The content type of this file." + }, + "createdTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The time the file was imported.", + "readOnly": true + }, + "errorFile": { + "$ref": "#/definitions/FileMetadata", + "description": "Represents the error file (if the import was ingested with errors or failed the validation).", + "readOnly": true + }, + "errorsPreview": { + "type": "array", + "description": "An ordered list of some of the errors that were encountered during validation.", + "items": { + "$ref": "#/definitions/ValidationError" + }, + "readOnly": true, + "x-ms-identifiers": [] + }, + "importFile": { + "$ref": "#/definitions/FileMetadata", + "description": "Represents the imported file." + }, + "ingestedRecordCount": { + "type": "integer", + "format": "int32", + "description": "The number of records that have been successfully ingested.", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source for the data in the file." + }, + "state": { + "$ref": "#/definitions/FileImportState", + "description": "The state of the file import.", + "readOnly": true + }, + "totalRecordCount": { + "type": "integer", + "format": "int32", + "description": "The number of records in the file.", + "readOnly": true + }, + "validRecordCount": { + "type": "integer", + "format": "int32", + "description": "The number of records that have passed validation.", + "readOnly": true + }, + "filesValidUntilTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The time the files associated with this import are deleted from the storage account.", + "readOnly": true + }, + "importValidUntilTimeUTC": { + "type": "string", + "format": "date-time", + "description": "The time the file import record is soft deleted from the database and history.", + "readOnly": true + } + }, + "required": [ + "ingestionMode", + "contentType", + "importFile", + "source" + ] + }, + "FileImportState": { + "type": "string", + "description": "The state of the file import.", + "enum": [ + "FatalError", + "Ingested", + "IngestedWithErrors", + "InProgress", + "Invalid", + "WaitingForUpload", + "Unspecified" + ], + "x-ms-enum": { + "name": "FileImportState", + "modelAsString": true, + "values": [ + { + "name": "FatalError", + "value": "FatalError", + "description": "A fatal error has occurred while ingesting the file." + }, + { + "name": "Ingested", + "value": "Ingested", + "description": "The file has been ingested." + }, + { + "name": "IngestedWithErrors", + "value": "IngestedWithErrors", + "description": "The file has been ingested with errors." + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "The file ingestion is in progress." + }, + { + "name": "Invalid", + "value": "Invalid", + "description": "The file is invalid." + }, + { + "name": "WaitingForUpload", + "value": "WaitingForUpload", + "description": "Waiting for the file to be uploaded." + }, + { + "name": "Unspecified", + "value": "Unspecified", + "description": "Unspecified state." + } + ] + } + }, + "FileMetadata": { + "type": "object", + "description": "Represents a file.", + "properties": { + "fileFormat": { + "$ref": "#/definitions/FileFormat", + "description": "The format of the file" + }, + "fileName": { + "type": "string", + "description": "The name of the file." + }, + "fileSize": { + "type": "integer", + "format": "int32", + "description": "The size of the file." + }, + "fileContentUri": { + "type": "string", + "description": "A URI with a valid SAS token to allow uploading / downloading the file.", + "readOnly": true + }, + "deleteStatus": { + "$ref": "#/definitions/DeleteStatus", + "description": "Indicates whether the file was deleted from the storage account.", + "readOnly": true + } + } + }, + "Flag": { + "type": "string", + "description": "The boolean value the metadata is for.", + "enum": [ + "true", + "false" + ], + "x-ms-enum": { + "name": "Flag", + "modelAsString": true, + "values": [ + { + "name": "true", + "value": "true", + "description": "true" + }, + { + "name": "false", + "value": "false", + "description": "false" + } + ] + } + }, + "FusionAlertRule": { + "type": "object", + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "type": "object", + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule.", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "sourceSettings": { + "type": "array", + "description": "Configuration for all supported source signals in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSettings" + }, + "x-ms-identifiers": [] + }, + "scenarioExclusionPatterns": { + "type": "array", + "description": "Configuration to exclude scenarios in fusion detection.", + "items": { + "$ref": "#/definitions/FusionScenarioExclusionPattern" + }, + "x-ms-identifiers": [] + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert has been modified.", + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ] + }, + "FusionAlertRuleTemplate": { + "type": "object", + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "type": "object", + "description": "Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template was last updated.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + } + }, + "sourceSettings": { + "type": "array", + "description": "All supported source signal configurations consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSetting" + }, + "x-ms-identifiers": [] + } + } + }, + "FusionScenarioExclusionPattern": { + "type": "object", + "description": "Represents a Fusion scenario exclusion patterns in Fusion detection.", + "properties": { + "exclusionPattern": { + "type": "string", + "description": "Scenario exclusion pattern." + }, + "dateAddedInUTC": { + "type": "string", + "description": "DateTime when scenario exclusion pattern is added in UTC." + } + }, + "required": [ + "exclusionPattern", + "dateAddedInUTC" + ] + }, + "FusionSourceSettings": { + "type": "object", + "description": "Represents a supported source signal configuration in Fusion detection.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines whether this source signal is enabled or disabled in Fusion detection." + }, + "sourceName": { + "type": "string", + "description": "Name of the Fusion source signal. Refer to Fusion alert rule template for supported values." + }, + "sourceSubTypes": { + "type": "array", + "description": "Configuration for all source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSubTypeSetting" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "enabled", + "sourceName" + ] + }, + "FusionSourceSubTypeSetting": { + "type": "object", + "description": "Represents a supported source subtype configuration under a source signal in Fusion detection.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Determines whether this source subtype under source signal is enabled or disabled in Fusion detection." + }, + "sourceSubTypeName": { + "type": "string", + "description": "The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values." + }, + "sourceSubTypeDisplayName": { + "type": "string", + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "readOnly": true + }, + "severityFilters": { + "$ref": "#/definitions/FusionSubTypeSeverityFilter", + "description": "Severity configuration for a source subtype consumed in fusion detection." + } + }, + "required": [ + "enabled", + "sourceSubTypeName", + "severityFilters" + ] + }, + "FusionSubTypeSeverityFilter": { + "type": "object", + "description": "Represents severity configuration for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "type": "boolean", + "description": "Determines whether this source subtype supports severity configuration or not.", + "readOnly": true + }, + "filters": { + "type": "array", + "description": "Individual Severity configuration settings for a given source subtype consumed in Fusion detection.", + "items": { + "$ref": "#/definitions/FusionSubTypeSeverityFiltersItem" + }, + "x-ms-identifiers": [] + } + } + }, + "FusionSubTypeSeverityFiltersItem": { + "type": "object", + "description": "Represents a Severity filter setting for a given source subtype consumed in Fusion detection.", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The Severity for a given source subtype consumed in Fusion detection." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection." + } + }, + "required": [ + "severity", + "enabled" + ] + }, + "FusionTemplateSourceSetting": { + "type": "object", + "description": "Represents a source signal consumed in Fusion detection.", + "properties": { + "sourceName": { + "type": "string", + "description": "The name of a source signal consumed in Fusion detection." + }, + "sourceSubTypes": { + "type": "array", + "description": "All supported source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSubType" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "sourceName" + ] + }, + "FusionTemplateSourceSubType": { + "type": "object", + "description": "Represents a source subtype under a source signal consumed in Fusion detection.", + "properties": { + "sourceSubTypeName": { + "type": "string", + "description": "The name of source subtype under a source signal consumed in Fusion detection." + }, + "sourceSubTypeDisplayName": { + "type": "string", + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "readOnly": true + }, + "severityFilter": { + "$ref": "#/definitions/FusionTemplateSubTypeSeverityFilter", + "description": "Severity configuration available for a source subtype consumed in fusion detection." + } + }, + "required": [ + "sourceSubTypeName", + "severityFilter" + ] + }, + "FusionTemplateSubTypeSeverityFilter": { + "type": "object", + "description": "Represents severity configurations available for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "type": "boolean", + "description": "Determines whether severity configuration is supported for this source subtype consumed in Fusion detection." + }, + "severityFilters": { + "type": "array", + "description": "List of all supported severities for this source subtype consumed in Fusion detection.", + "items": { + "$ref": "#/definitions/AlertSeverity" + } + } + }, + "required": [ + "isSupported" + ] + }, + "GCPAuthModel": { + "type": "object", + "description": "Model for API authentication for all GCP kind connectors.", + "properties": { + "serviceAccountEmail": { + "type": "string", + "description": "GCP Service Account Email" + }, + "projectNumber": { + "type": "string", + "description": "GCP Project Number" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "GCP Workload Identity Provider ID" + } + }, + "required": [ + "serviceAccountEmail", + "projectNumber", + "workloadIdentityProviderId" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "GCP" + }, + "GCPAuthProperties": { + "type": "object", + "description": "Google Cloud Platform auth section properties.", + "properties": { + "serviceAccountEmail": { + "type": "string", + "description": "The service account that is used to access the GCP project." + }, + "projectNumber": { + "type": "string", + "description": "The GCP project number." + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id that is used to gain access to the GCP project." + } + }, + "required": [ + "serviceAccountEmail", + "projectNumber", + "workloadIdentityProviderId" + ] + }, + "GCPDataConnector": { + "type": "object", + "description": "Represents Google Cloud Platform data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/GCPDataConnectorProperties", + "description": "Google Cloud Platform data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "GCP" + }, + "GCPDataConnectorProperties": { + "type": "object", + "description": "Google Cloud Platform data connector properties.", + "properties": { + "connectorDefinitionName": { + "type": "string", + "description": "The name of the connector definition that represents the UI config." + }, + "auth": { + "$ref": "#/definitions/GCPAuthProperties", + "description": "The auth section of the connector." + }, + "request": { + "$ref": "#/definitions/GCPRequestProperties", + "description": "The request section of the connector." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The configuration of the destination of the data." + } + }, + "required": [ + "connectorDefinitionName", + "auth", + "request" + ] + }, + "GCPRequestProperties": { + "type": "object", + "description": "Google Cloud Platform request section properties.", + "properties": { + "projectId": { + "type": "string", + "description": "The GCP project id." + }, + "subscriptionNames": { + "type": "array", + "description": "The GCP pub/sub subscription names.", + "items": { + "type": "string" + } + } + }, + "required": [ + "projectId", + "subscriptionNames" + ] + }, + "GenericBlobSbsAuthModel": { + "type": "object", + "description": "Model for API authentication for working with service bus or storage account.", + "properties": { + "credentialsConfig": { + "type": "object", + "description": "Credentials for service bus namespace, keyvault uri for access key", + "additionalProperties": { + "type": "string" + } + }, + "storageAccountCredentialsConfig": { + "type": "object", + "description": "Credentials for storage account, keyvault uri for access key", + "additionalProperties": { + "type": "string" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "ServiceBus" + }, + "GeoLocation": { + "type": "object", + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "type": "integer", + "format": "int32", + "description": "Autonomous System Number", + "readOnly": true + }, + "city": { + "type": "string", + "description": "City name", + "readOnly": true + }, + "countryCode": { + "type": "string", + "description": "The country code according to ISO 3166 format", + "readOnly": true + }, + "countryName": { + "type": "string", + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true + }, + "latitude": { + "type": "number", + "format": "double", + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90. Latitude and longitude are derived from the city or postal code.", + "readOnly": true + }, + "longitude": { + "type": "number", + "format": "double", + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180. Latitude and longitude are derived from the city or postal code.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State name", + "readOnly": true + } + } + }, + "GetInsightsError": { + "type": "string", + "description": "the query kind", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "name": "GetInsightsError", + "modelAsString": true, + "values": [ + { + "name": "Insight", + "value": "Insight", + "description": "Insight" + } + ] + } + }, + "GetInsightsErrorKind": { + "type": "object", + "description": "GetInsights Query Errors.", + "properties": { + "kind": { + "$ref": "#/definitions/GetInsightsError", + "description": "the query kind" + }, + "queryId": { + "type": "string", + "description": "the query id" + }, + "errorMessage": { + "type": "string", + "description": "the error message" + } + }, + "required": [ + "kind", + "errorMessage" + ] + }, + "GetInsightsResultsMetadata": { + "type": "object", + "description": "Get Insights result metadata.", + "properties": { + "totalCount": { + "type": "integer", + "format": "int32", + "description": "the total items found for the insights request" + }, + "errors": { + "type": "array", + "description": "information about the failed queries", + "items": { + "$ref": "#/definitions/GetInsightsErrorKind" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount" + ] + }, + "GetQueriesResponse": { + "type": "object", + "description": "Retrieve queries for entity result operation response.", + "properties": { + "value": { + "type": "array", + "description": "The query result values.", + "items": { + "$ref": "#/definitions/EntityQueryItem" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "GitHubAuthModel": { + "type": "object", + "description": "Model for API authentication for GitHub. For this authentication first we need to approve the Router app (Microsoft Security DevOps) to access the GitHub account, Then we only need the InstallationId to get the access token from https://api.github.com/app/installations/{installId}/access_tokens.", + "properties": { + "installationId": { + "type": "string", + "description": "The GitHubApp auth installation id." + } + }, + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "GitHub" + }, + "GitHubResourceInfo": { + "type": "object", + "description": "Resources created in GitHub repository.", + "properties": { + "appInstallationId": { + "type": "string", + "description": "GitHub application installation id." + } + } + }, + "GraphQueries": { + "type": "object", + "description": "The graph query to show the current data status", + "properties": { + "metricName": { + "type": "string", + "description": "the metric that the query is checking" + }, + "legend": { + "type": "string", + "description": "The legend for the graph" + }, + "baseQuery": { + "type": "string", + "description": "The base query for the graph" + } + } + }, + "GraphQuery": { + "type": "object", + "description": "The graph query to show the volume of data arriving into the workspace over time.", + "properties": { + "metricName": { + "type": "string", + "description": "Gets or sets the metric name that the query is checking. For example: 'Total data receive'." + }, + "legend": { + "type": "string", + "description": "Gets or sets the legend for the graph." + }, + "baseQuery": { + "type": "string", + "description": "Gets or sets the base query for the graph.\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time." + } + }, + "required": [ + "metricName", + "legend", + "baseQuery" + ] + }, + "GroupingConfiguration": { + "type": "object", + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Grouping enabled" + }, + "reopenClosedIncident": { + "type": "boolean", + "description": "Re-open closed matching incidents" + }, + "lookbackDuration": { + "type": "string", + "format": "duration", + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)" + }, + "matchingMethod": { + "$ref": "#/definitions/MatchingMethod", + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty." + }, + "groupByEntities": { + "type": "array", + "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", + "items": { + "$ref": "#/definitions/EntityMappingType" + } + }, + "groupByAlertDetails": { + "type": "array", + "description": "A list of alert details to group by (when matchingMethod is Selected)", + "items": { + "$ref": "#/definitions/AlertDetail" + } + }, + "groupByCustomDetails": { + "type": "array", + "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", + "items": { + "type": "string" + } + } + }, + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "matchingMethod" + ] + }, + "HostEntity": { + "type": "object", + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "type": "object", + "description": "Host entity property bag.", + "properties": { + "azureID": { + "type": "string", + "description": "The azure resource id of the VM.", + "readOnly": true + }, + "dnsDomain": { + "type": "string", + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true + }, + "hostName": { + "type": "string", + "description": "The hostname without the domain suffix.", + "readOnly": true + }, + "isDomainJoined": { + "type": "boolean", + "description": "Determines whether this host belongs to a domain.", + "readOnly": true + }, + "netBiosName": { + "type": "string", + "description": "The host name (pre-windows2000).", + "readOnly": true + }, + "ntDomain": { + "type": "string", + "description": "The NT domain that this host belongs to.", + "readOnly": true + }, + "omsAgentID": { + "type": "string", + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true + }, + "osFamily": { + "$ref": "#/definitions/OSFamily", + "description": "The operating system type." + }, + "osVersion": { + "type": "string", + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "HttpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "HttpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, + "Hunt": { + "type": "object", + "description": "Represents a Hunt in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntProperties", + "description": "Hunt properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "HuntComment": { + "type": "object", + "description": "Represents a Hunt Comment in Azure Security Insights", + "properties": { + "properties": { + "$ref": "#/definitions/HuntCommentProperties", + "description": "Hunt Comment properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "HuntCommentList": { + "type": "object", + "description": "List of all hunt comments", + "properties": { + "value": { + "type": "array", + "description": "The HuntComment items on this page", + "items": { + "$ref": "#/definitions/HuntComment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "HuntCommentProperties": { + "type": "object", + "description": "Describes a hunt comment properties", + "properties": { + "message": { + "type": "string", + "description": "The message for the comment" + } + }, + "required": [ + "message" + ] + }, + "HuntList": { + "type": "object", + "description": "List all the hunts.", + "properties": { + "value": { + "type": "array", + "description": "The Hunt items on this page", + "items": { + "$ref": "#/definitions/Hunt" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "HuntOwner": { + "type": "object", + "description": "Describes a user that the hunt is assigned to", + "properties": { + "email": { + "type": "string", + "description": "The email of the user the hunt is assigned to." + }, + "assignedTo": { + "type": "string", + "description": "The name of the user the hunt is assigned to." + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the user the hunt is assigned to.", + "x-nullable": true + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the user the hunt is assigned to." + }, + "ownerType": { + "$ref": "#/definitions/OwnerType", + "description": "The type of the owner the hunt is assigned to." + } + } + }, + "HuntProperties": { + "type": "object", + "description": "Describes hunt properties", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the hunt" + }, + "description": { + "type": "string", + "description": "The description of the hunt" + }, + "status": { + "type": "string", + "description": "The status of the hunt.", + "default": "New", + "enum": [ + "New", + "Active", + "Closed", + "Backlog", + "Approved", + "Succeeded", + "Failed", + "InProgress" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "New" + }, + { + "name": "Active", + "value": "Active", + "description": "Active" + }, + { + "name": "Closed", + "value": "Closed", + "description": "Closed" + }, + { + "name": "Backlog", + "value": "Backlog", + "description": "Backlog" + }, + { + "name": "Approved", + "value": "Approved", + "description": "Approved" + }, + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + } + ] + } + }, + "hypothesisStatus": { + "type": "string", + "description": "The hypothesis status of the hunt.", + "default": "Unknown", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "x-ms-enum": { + "name": "HypothesisStatus", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Invalidated", + "value": "Invalidated", + "description": "Invalidated" + }, + { + "name": "Validated", + "value": "Validated", + "description": "Validated" + } + ] + } + }, + "attackTactics": { + "type": "array", + "description": "A list of mitre attack tactics the hunt is associated with", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "attackTechniques": { + "type": "array", + "description": "A list of a mitre attack techniques the hunt is associated with", + "items": { + "type": "string" + } + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this hunt", + "items": { + "type": "string" + } + }, + "owner": { + "$ref": "#/definitions/HuntOwner", + "description": "Describes a user that the hunt is assigned to" + } + }, + "required": [ + "displayName", + "description" + ] + }, + "HuntRelation": { + "type": "object", + "description": "Represents a Hunt Relation in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntRelationProperties", + "description": "Hunt Relation properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "HuntRelationList": { + "type": "object", + "description": "List of all the hunt relations", + "properties": { + "value": { + "type": "array", + "description": "The HuntRelation items on this page", + "items": { + "$ref": "#/definitions/HuntRelation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "HuntRelationProperties": { + "type": "object", + "description": "Describes hunt relation properties", + "properties": { + "relatedResourceId": { + "type": "string", + "description": "The id of the related resource" + }, + "relatedResourceName": { + "type": "string", + "description": "The name of the related resource", + "readOnly": true + }, + "relationType": { + "type": "string", + "description": "The type of the hunt relation", + "readOnly": true + }, + "relatedResourceKind": { + "type": "string", + "description": "The resource that the relation is related to", + "readOnly": true + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this hunt", + "items": { + "type": "string" + } + } + }, + "required": [ + "relatedResourceId" + ] + }, + "HuntingBookmark": { + "type": "object", + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "type": "object", + "description": "Describes bookmark properties", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The time the bookmark was created" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "displayName": { + "type": "string", + "description": "The display name of the bookmark" + }, + "eventTime": { + "type": "string", + "format": "date-time", + "description": "The time of the event" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this bookmark", + "items": { + "type": "string" + } + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "query": { + "type": "string", + "description": "The query of the bookmark." + }, + "queryResult": { + "type": "string", + "description": "The query result of the bookmark." + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the bookmark was updated" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark" + } + }, + "required": [ + "displayName", + "query" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "HypothesisStatus": { + "type": "string", + "description": "The hypothesis status of the hunt.", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "x-ms-enum": { + "name": "HypothesisStatus", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Invalidated", + "value": "Invalidated", + "description": "Invalidated" + }, + { + "name": "Validated", + "value": "Validated", + "description": "Validated" + } + ] + } + }, + "Identity": { + "type": "object", + "description": "Represents an identity in Azure Security Insights.", + "allOf": [ + { + "$ref": "#/definitions/TIObject" + } + ], + "x-ms-discriminator-value": "Identity" + }, + "Incident": { + "type": "object", + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentAdditionalData": { + "type": "object", + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "type": "integer", + "format": "int32", + "description": "The number of alerts in the incident", + "readOnly": true + }, + "bookmarksCount": { + "type": "integer", + "format": "int32", + "description": "The number of bookmarks in the incident", + "readOnly": true + }, + "commentsCount": { + "type": "integer", + "format": "int32", + "description": "The number of comments in the incident", + "readOnly": true + }, + "alertProductNames": { + "type": "array", + "description": "List of product names of alerts in the incident", + "items": { + "type": "string" + }, + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques associated with incident's tactics", + "items": { + "type": "string" + }, + "readOnly": true + }, + "providerIncidentUrl": { + "type": "string", + "description": "The provider incident url to the incident in Microsoft 365 Defender portal", + "readOnly": true + }, + "mergedIncidentNumber": { + "type": "string", + "description": "The incident number of the incident that the current incident was merged into", + "readOnly": true + }, + "mergedIncidentUrl": { + "type": "string", + "description": "The URL to the incident that the current incident was merged into", + "readOnly": true + } + } + }, + "IncidentAlertList": { + "type": "object", + "description": "List of incident alerts.", + "properties": { + "value": { + "type": "array", + "description": "Array of incident alerts.", + "items": { + "$ref": "#/definitions/SecurityAlert" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "type": "object", + "description": "List of incident bookmarks.", + "properties": { + "value": { + "type": "array", + "description": "Array of incident bookmarks.", + "items": { + "$ref": "#/definitions/HuntingBookmark" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "IncidentClassification": { + "type": "string", + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "x-ms-enum": { + "name": "IncidentClassification", + "modelAsString": true, + "values": [ + { + "name": "Undetermined", + "value": "Undetermined", + "description": "Incident classification was undetermined" + }, + { + "name": "TruePositive", + "value": "TruePositive", + "description": "Incident was true positive" + }, + { + "name": "BenignPositive", + "value": "BenignPositive", + "description": "Incident was benign positive" + }, + { + "name": "FalsePositive", + "value": "FalsePositive", + "description": "Incident was false positive" + } + ] + } + }, + "IncidentClassificationReason": { + "type": "string", + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "x-ms-enum": { + "name": "IncidentClassificationReason", + "modelAsString": true, + "values": [ + { + "name": "SuspiciousActivity", + "value": "SuspiciousActivity", + "description": "Classification reason was suspicious activity" + }, + { + "name": "SuspiciousButExpected", + "value": "SuspiciousButExpected", + "description": "Classification reason was suspicious but expected" + }, + { + "name": "IncorrectAlertLogic", + "value": "IncorrectAlertLogic", + "description": "Classification reason was incorrect alert logic" + }, + { + "name": "InaccurateData", + "value": "InaccurateData", + "description": "Classification reason was inaccurate data" + } + ] + } + }, + "IncidentComment": { + "type": "object", + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentCommentList": { + "type": "object", + "description": "List of incident comments.", + "properties": { + "value": { + "type": "array", + "description": "The IncidentComment items on this page", + "items": { + "$ref": "#/definitions/IncidentComment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "type": "object", + "description": "Incident comment property bag.", + "properties": { + "message": { + "type": "string", + "description": "The comment message" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the comment was created", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the comment was updated", + "readOnly": true + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true + } + }, + "required": [ + "message" + ] + }, + "IncidentConfiguration": { + "type": "object", + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "type": "boolean", + "description": "Create incidents from alerts triggered by this analytics rule" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "required": [ + "createIncident" + ] + }, + "IncidentEntitiesResponse": { + "type": "object", + "description": "The incident related entities response.", + "properties": { + "entities": { + "type": "array", + "description": "Array of the incident related entities.", + "items": { + "$ref": "#/definitions/Entity" + }, + "x-ms-identifiers": [] + }, + "metaData": { + "type": "array", + "description": "The metadata from the incident related entities results.", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + }, + "x-ms-identifiers": [] + } + } + }, + "IncidentEntitiesResultsMetadata": { + "type": "object", + "description": "Information of a specific aggregation in the incident related entities result.", + "properties": { + "entityKind": { + "$ref": "#/definitions/EntityKindEnum", + "description": "The kind of the aggregated entity." + }, + "count": { + "type": "integer", + "format": "int32", + "description": "Total number of aggregations of the given kind in the incident related entities result." + } + }, + "required": [ + "entityKind", + "count" + ] + }, + "IncidentInfo": { + "type": "object", + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "type": "string", + "description": "Incident Id" + }, + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "title": { + "type": "string", + "description": "The title of the incident" + }, + "relationName": { + "type": "string", + "description": "Relation Name" + } + } + }, + "IncidentLabel": { + "type": "object", + "description": "Represents an incident label", + "properties": { + "labelName": { + "type": "string", + "description": "The name of the label" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType", + "description": "The type of the label", + "readOnly": true + } + }, + "required": [ + "labelName" + ] + }, + "IncidentLabelType": { + "type": "string", + "description": "The type of the label", + "enum": [ + "User", + "AutoAssigned" + ], + "x-ms-enum": { + "name": "IncidentLabelType", + "modelAsString": true, + "values": [ + { + "name": "User", + "value": "User", + "description": "Label manually created by a user" + }, + { + "name": "AutoAssigned", + "value": "AutoAssigned", + "description": "Label automatically created by the system" + } + ] + } + }, + "IncidentList": { + "type": "object", + "description": "List all the incidents.", + "properties": { + "value": { + "type": "array", + "description": "The Incident items on this page", + "items": { + "$ref": "#/definitions/Incident" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentOwnerInfo": { + "type": "object", + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "type": "string", + "description": "The email of the user the incident is assigned to." + }, + "assignedTo": { + "type": "string", + "description": "The name of the user the incident is assigned to." + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the user the incident is assigned to." + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the user the incident is assigned to." + }, + "ownerType": { + "$ref": "#/definitions/OwnerType", + "description": "The type of the owner the incident is assigned to." + } + } + }, + "IncidentProperties": { + "type": "object", + "description": "Describes incident properties", + "properties": { + "title": { + "type": "string", + "description": "The title of the incident" + }, + "description": { + "type": "string", + "description": "The description of the incident" + }, + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "#/definitions/IncidentStatus", + "description": "The status of the incident" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason", + "description": "The classification reason the incident was closed with" + }, + "classificationComment": { + "type": "string", + "description": "Describes the reason the incident was closed" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "x-ms-identifiers": [] + }, + "firstActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the first activity in the incident" + }, + "lastActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the last activity in the incident" + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the incident was updated", + "readOnly": true + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the incident was created", + "readOnly": true + }, + "incidentNumber": { + "type": "integer", + "format": "int32", + "description": "A sequential number", + "readOnly": true + }, + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true + }, + "relatedAnalyticRuleIds": { + "type": "array", + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "type": "string", + "format": "arm-id", + "description": "Related Analytic rule resource id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "scopes": [ + "Extension" + ], + "type": "Microsoft.SecurityInsights/alertRules" + } + ] + } + }, + "readOnly": true + }, + "incidentUrl": { + "type": "string", + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true + }, + "providerName": { + "type": "string", + "description": "The name of the source provider that generated the incident", + "readOnly": true + }, + "providerIncidentId": { + "type": "string", + "description": "The incident ID assigned by the incident provider", + "readOnly": true + }, + "teamInformation": { + "$ref": "#/definitions/TeamInformation", + "description": "Describes a team for the incident" + } + }, + "required": [ + "title", + "severity", + "status" + ] + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "#/definitions/IncidentStatus", + "description": "The status of the incident" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason", + "description": "The classification reason the incident was closed with" + }, + "classificationComment": { + "type": "string", + "description": "Describes the reason the incident was closed." + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Information on the user an incident is assigned to" + }, + "labels": { + "type": "array", + "description": "List of labels to add to the incident.", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "x-ms-identifiers": [ + "labelName" + ] + } + } + }, + "IncidentSeverity": { + "type": "string", + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "x-ms-enum": { + "name": "IncidentSeverity", + "modelAsString": true, + "values": [ + { + "name": "High", + "value": "High", + "description": "High severity" + }, + { + "name": "Medium", + "value": "Medium", + "description": "Medium severity" + }, + { + "name": "Low", + "value": "Low", + "description": "Low severity" + }, + { + "name": "Informational", + "value": "Informational", + "description": "Informational severity" + } + ] + } + }, + "IncidentStatus": { + "type": "string", + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "x-ms-enum": { + "name": "IncidentStatus", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "An active incident which isn't being handled currently" + }, + { + "name": "Active", + "value": "Active", + "description": "An active incident which is being handled" + }, + { + "name": "Closed", + "value": "Closed", + "description": "A non-active incident" + } + ] + } + }, + "IncidentTask": { + "type": "object", + "description": "Describes incident task properties", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentTaskProperties", + "description": "Describes the properties of an incident task", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentTaskList": { + "type": "object", + "description": "List of incident tasks", + "properties": { + "value": { + "type": "array", + "description": "The IncidentTask items on this page", + "items": { + "$ref": "#/definitions/IncidentTask" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentTaskProperties": { + "type": "object", + "description": "Describes the properties of an incident task", + "properties": { + "title": { + "type": "string", + "description": "The title of the task" + }, + "description": { + "type": "string", + "description": "The description of the task" + }, + "status": { + "$ref": "#/definitions/IncidentTaskStatus", + "description": "The status of the task" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the task was created", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the task was updated", + "readOnly": true + }, + "createdBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action" + }, + "lastModifiedBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action" + } + }, + "required": [ + "title", + "status" + ] + }, + "IncidentTaskStatus": { + "type": "string", + "description": "The status of the task", + "enum": [ + "New", + "Completed" + ], + "x-ms-enum": { + "name": "IncidentTaskStatus", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "A new task" + }, + { + "name": "Completed", + "value": "Completed", + "description": "A completed task" + } + ] + } + }, + "Indicator": { + "type": "object", + "description": "Represents an indicator in Azure Security Insights.", + "properties": { + "observables": { + "type": "array", + "description": "The observables of this indicator", + "items": { + "$ref": "#/definitions/IndicatorObservablesItem" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/TIObject" + } + ], + "x-ms-discriminator-value": "Indicator" + }, + "IndicatorObservablesItem": { + "type": "object", + "description": "An observable of this indicator", + "properties": { + "type": { + "type": "string", + "description": "The type of the observable of this indicator" + }, + "value": { + "type": "string", + "description": "The value of the observable of this indicator" + } + } + }, + "IngestionMode": { + "type": "string", + "description": "Describes how to ingest the records in the file.", + "enum": [ + "IngestOnlyIfAllAreValid", + "IngestAnyValidRecords", + "Unspecified" + ], + "x-ms-enum": { + "name": "IngestionMode", + "modelAsString": true, + "values": [ + { + "name": "IngestOnlyIfAllAreValid", + "value": "IngestOnlyIfAllAreValid", + "description": "No records should be ingested when invalid records are detected." + }, + { + "name": "IngestAnyValidRecords", + "value": "IngestAnyValidRecords", + "description": "Valid records should still be ingested when invalid records are detected." + }, + { + "name": "Unspecified", + "value": "Unspecified", + "description": "Unspecified" + } + ] + } + }, + "InsightQueryItem": { + "type": "object", + "description": "Represents Insight Query.", + "properties": { + "properties": { + "$ref": "#/definitions/InsightQueryItemProperties", + "description": "Properties bag for InsightQueryItem" + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItem" + } + ], + "x-ms-discriminator-value": "Insight" + }, + "InsightQueryItemProperties": { + "type": "object", + "description": "Represents Insight Query.", + "properties": { + "displayName": { + "type": "string", + "description": "The insight display name." + }, + "description": { + "type": "string", + "description": "The insight description." + }, + "baseQuery": { + "type": "string", + "description": "The base query of the insight." + }, + "tableQuery": { + "$ref": "#/definitions/InsightQueryItemPropertiesTableQuery", + "description": "The insight table query." + }, + "chartQuery": { + "description": "The insight chart query." + }, + "additionalQuery": { + "$ref": "#/definitions/InsightQueryItemPropertiesAdditionalQuery", + "description": "The activity query definitions." + }, + "defaultTimeRange": { + "$ref": "#/definitions/InsightQueryItemPropertiesDefaultTimeRange", + "description": "The insight chart query." + }, + "referenceTimeRange": { + "$ref": "#/definitions/InsightQueryItemPropertiesReferenceTimeRange", + "description": "The insight chart query." + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItemProperties" + } + ] + }, + "InsightQueryItemPropertiesAdditionalQuery": { + "type": "object", + "description": "The activity query definitions.", + "properties": { + "query": { + "type": "string", + "description": "The insight query." + }, + "text": { + "type": "string", + "description": "The insight text." + } + } + }, + "InsightQueryItemPropertiesDefaultTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "The padding for the start time of the query." + }, + "afterRange": { + "type": "string", + "description": "The padding for the end time of the query." + } + } + }, + "InsightQueryItemPropertiesReferenceTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "Additional query time for looking back." + } + } + }, + "InsightQueryItemPropertiesTableQuery": { + "type": "object", + "description": "The insight table query.", + "properties": { + "columnsDefinitions": { + "type": "array", + "description": "List of insight column definitions.", + "items": { + "$ref": "#/definitions/InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem" + }, + "x-ms-identifiers": [] + }, + "queriesDefinitions": { + "type": "array", + "description": "List of insight queries definitions.", + "items": { + "$ref": "#/definitions/InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem" + }, + "x-ms-identifiers": [] + } + } + }, + "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem": { + "type": "object", + "properties": { + "header": { + "type": "string", + "description": "Insight column header." + }, + "outputType": { + "$ref": "#/definitions/outputType", + "description": "Insights Column type." + }, + "supportDeepLink": { + "type": "boolean", + "description": "Is query supports deep-link." + } + } + }, + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem": { + "type": "object", + "properties": { + "filter": { + "type": "string", + "description": "Insight column header." + }, + "summarize": { + "type": "string", + "description": "Insight column header." + }, + "project": { + "type": "string", + "description": "Insight column header." + }, + "linkColumnsDefinitions": { + "type": "array", + "description": "Insight column header.", + "items": { + "$ref": "#/definitions/InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem" + }, + "x-ms-identifiers": [] + } + } + }, + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem": { + "type": "object", + "properties": { + "projectedName": { + "type": "string", + "description": "Insight Link Definition Projected Name." + }, + "Query": { + "type": "string", + "description": "Insight Link Definition Query." + } + } + }, + "InsightsTableResult": { + "type": "object", + "description": "Query results for table insights query.", + "properties": { + "columns": { + "type": "array", + "description": "Columns Metadata of the table", + "items": { + "$ref": "#/definitions/InsightsTableResultColumnsItem" + }, + "x-ms-identifiers": [] + }, + "rows": { + "type": "array", + "description": "Rows data of the table", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "InsightsTableResultColumnsItem": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "the type of the column" + }, + "name": { + "type": "string", + "description": "the name of the column" + } + } + }, + "InstructionStep": { + "type": "object", + "description": "Instruction steps to enable the connector.", + "properties": { + "title": { + "type": "string", + "description": "Gets or sets the instruction step title." + }, + "description": { + "type": "string", + "description": "Gets or sets the instruction step description." + }, + "instructions": { + "type": "array", + "description": "Gets or sets the instruction step details.", + "items": { + "$ref": "#/definitions/InstructionStepDetails" + }, + "x-ms-identifiers": [] + }, + "innerSteps": { + "type": "array", + "description": "Gets or sets the inner instruction steps details.\nFor Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepDetails": { + "type": "object", + "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", + "properties": { + "parameters": { + "description": "Gets or sets the instruction type parameters settings." + }, + "type": { + "type": "string", + "description": "Gets or sets the instruction type name." + } + }, + "required": [ + "parameters", + "type" + ] + }, + "InstructionSteps": { + "type": "object", + "description": "Instruction steps to enable the connector", + "properties": { + "title": { + "type": "string", + "description": "Instruction step title" + }, + "description": { + "type": "string", + "description": "Instruction step description" + }, + "instructions": { + "type": "array", + "description": "Instruction step details", + "items": { + "$ref": "#/definitions/InstructionStepsInstructionsItem" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepsInstructionsItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ConnectorInstructionModelBase" + } + ] + }, + "IoTCheckRequirements": { + "type": "object", + "description": "Represents IoT requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTCheckRequirementsProperties", + "description": "IoT requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "IOT" + }, + "IoTCheckRequirementsProperties": { + "type": "object", + "description": "IoT requirements check properties.", + "properties": { + "subscriptionId": { + "type": "string", + "description": "The subscription id to connect to, and get the data from." + } + } + }, + "IoTDataConnector": { + "type": "object", + "description": "Represents IoT data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDataConnectorProperties", + "description": "IoT data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "IOT" + }, + "IoTDataConnectorProperties": { + "type": "object", + "description": "IoT data connector properties.", + "properties": { + "subscriptionId": { + "type": "string", + "description": "The subscription id to connect to, and get the data from." + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ] + }, + "IoTDeviceEntity": { + "type": "object", + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "type": "object", + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "type": "string", + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true + }, + "deviceName": { + "type": "string", + "description": "The friendly name of the device", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source of the device", + "readOnly": true + }, + "iotSecurityAgentId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The ID of the security agent running on the device", + "readOnly": true + }, + "deviceType": { + "type": "string", + "description": "The type of the device", + "readOnly": true + }, + "vendor": { + "type": "string", + "description": "The vendor of the device", + "readOnly": true + }, + "edgeId": { + "type": "string", + "description": "The ID of the edge device", + "readOnly": true + }, + "macAddress": { + "type": "string", + "description": "The MAC address of the device", + "readOnly": true + }, + "model": { + "type": "string", + "description": "The model of the device", + "readOnly": true + }, + "serialNumber": { + "type": "string", + "description": "The serial number of the device", + "readOnly": true + }, + "firmwareVersion": { + "type": "string", + "description": "The firmware version of the device", + "readOnly": true + }, + "operatingSystem": { + "type": "string", + "description": "The operating system of the device", + "readOnly": true + }, + "iotHubEntityId": { + "type": "string", + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id of this device", + "readOnly": true + }, + "ipAddressEntityId": { + "type": "string", + "description": "The IP entity if of this device", + "readOnly": true + }, + "threatIntelligence": { + "type": "array", + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/threatIntelligence" + }, + "readOnly": true, + "x-ms-identifiers": [] + }, + "protocols": { + "type": "array", + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "owners": { + "type": "array", + "description": "A list of owners of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "nicEntityIds": { + "type": "array", + "description": "A list of Nic entity ids of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "site": { + "type": "string", + "description": "The site of the device", + "readOnly": true + }, + "zone": { + "type": "string", + "description": "The zone location of the device within a site", + "readOnly": true + }, + "sensor": { + "type": "string", + "description": "The sensor the device is monitored by", + "readOnly": true + }, + "deviceSubType": { + "type": "string", + "description": "The subType of the device ('PLC', 'HMI', 'EWS', etc.)", + "readOnly": true + }, + "importance": { + "$ref": "#/definitions/DeviceImportance", + "description": "Device importance, determines if the device classified as 'crown jewel'" + }, + "purdueLayer": { + "type": "string", + "description": "The Purdue Layer of the device", + "readOnly": true + }, + "isAuthorized": { + "type": "boolean", + "description": "Determines whether the device classified as authorized device", + "readOnly": true + }, + "isProgramming": { + "type": "boolean", + "description": "Determines whether the device classified as programming device", + "readOnly": true + }, + "isScanner": { + "type": "boolean", + "description": "Is the device classified as a scanner device", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "IpEntity": { + "type": "object", + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "type": "object", + "description": "Ip entity property bag.", + "properties": { + "address": { + "type": "string", + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity", + "readOnly": true + }, + "threatIntelligence": { + "type": "array", + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "#/definitions/threatIntelligence" + }, + "readOnly": true, + "x-ms-identifiers": [] + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "Job": { + "type": "object", + "description": "The assignment job", + "properties": { + "properties": { + "$ref": "#/definitions/JobProperties", + "description": "The job object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "JobList": { + "type": "object", + "description": "List of all the jobs", + "properties": { + "value": { + "type": "array", + "description": "The Job items on this page", + "items": { + "$ref": "#/definitions/Job" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "JobProperties": { + "type": "object", + "description": "The job properties", + "properties": { + "endTime": { + "type": "string", + "format": "date-time", + "description": "The time the job completed", + "readOnly": true + }, + "items": { + "type": "array", + "description": "List of items published by the job", + "items": { + "$ref": "#/definitions/jobItem" + }, + "x-ms-identifiers": [] + }, + "provisioningState": { + "$ref": "#/definitions/JobProvisioningState", + "description": "State of the job", + "readOnly": true + }, + "startTime": { + "type": "string", + "format": "date-time", + "description": "The time the job started", + "readOnly": true + }, + "errorMessage": { + "type": "string", + "description": "Message to describe error, if an error exists", + "readOnly": true + } + } + }, + "JobProvisioningState": { + "type": "string", + "description": "The provisioning state of the workspace manager job", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "x-ms-enum": { + "name": "JobProvisioningState", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, + "JwtAuthModel": { + "type": "object", + "description": "Model for API authentication with JWT. Simple exchange between user name + password to access token.", + "properties": { + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint to request JWT" + }, + "userName": { + "type": "object", + "description": "The user name. If user name and password sent in header request we only need to populate the `value` property with the user name (Same as basic auth). If user name and password sent in body request we need to specify the `Key` and `Value`.", + "additionalProperties": { + "type": "string" + } + }, + "password": { + "type": "object", + "format": "password", + "description": "The password", + "additionalProperties": { + "type": "string" + }, + "x-ms-secret": true + }, + "queryParameters": { + "type": "object", + "description": "The custom query parameter we want to add once we send request to token endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "headers": { + "type": "object", + "description": "The custom headers we want to add once we send request to token endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "isCredentialsInHeaders": { + "type": "boolean", + "description": "Flag indicating whether we want to send the user name and password to token endpoint in the headers.", + "x-nullable": true + }, + "isJsonRequest": { + "type": "boolean", + "description": "Flag indicating whether the body request is JSON (header Content-Type = application/json), meaning its a Form URL encoded request (header Content-Type = application/x-www-form-urlencoded).", + "default": false, + "x-nullable": true + }, + "requestTimeoutInSeconds": { + "type": "integer", + "format": "int32", + "description": "Request timeout in seconds.", + "default": 100, + "maximum": 180 + } + }, + "required": [ + "tokenEndpoint", + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "JwtToken" + }, + "KillChainIntent": { + "type": "string", + "description": "The intent of the alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "x-ms-enum": { + "name": "KillChainIntent", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "The default value." + }, + { + "name": "Probing", + "value": "Probing", + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in." + }, + { + "name": "Exploitation", + "value": "Exploitation", + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage." + }, + { + "name": "Persistence", + "value": "Persistence", + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access." + }, + { + "name": "PrivilegeEscalation", + "value": "PrivilegeEscalation", + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege." + }, + { + "name": "DefenseEvasion", + "value": "DefenseEvasion", + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation." + }, + { + "name": "CredentialAccess", + "value": "CredentialAccess", + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment." + }, + { + "name": "Discovery", + "value": "Discovery", + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase." + }, + { + "name": "LateralMovement", + "value": "LateralMovement", + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect." + }, + { + "name": "Execution", + "value": "Execution", + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network." + }, + { + "name": "Collection", + "value": "Collection", + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate." + }, + { + "name": "Exfiltration", + "value": "Exfiltration", + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate." + }, + { + "name": "CommandAndControl", + "value": "CommandAndControl", + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network." + }, + { + "name": "Impact", + "value": "Impact", + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others." + } + ] + } + }, + "Kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule", + "CustomDetection" + ], + "x-ms-enum": { + "name": "Kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + }, + { + "name": "CustomDetection", + "value": "CustomDetection", + "description": "Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant." + } + ] + } + }, + "LastDataReceivedDataType": { + "type": "object", + "description": "Data type for last data received", + "properties": { + "name": { + "type": "string", + "description": "Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder" + }, + "lastDataReceivedQuery": { + "type": "string", + "description": "Query for indicate last data received" + } + } + }, + "MCASCheckRequirements": { + "type": "object", + "description": "Represents MCAS (Microsoft Cloud App Security) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASCheckRequirementsProperties", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASCheckRequirementsProperties": { + "type": "object", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MCASDataConnector": { + "type": "object", + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ] + }, + "MCASDataConnectorProperties": { + "type": "object", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MDATPCheckRequirements": { + "type": "object", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPCheckRequirementsProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPCheckRequirementsProperties": { + "type": "object", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MDATPDataConnector": { + "type": "object", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "type": "object", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "MLBehaviorAnalyticsAlertRule": { + "type": "object", + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "type": "object", + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule.", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule has been modified.", + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ] + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "type": "object", + "description": "Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleTemplateProperties", + "description": "MLBehaviorAnalytics alert rule template properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleTemplateProperties": { + "type": "object", + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + } + }, + "required": [ + "severity" + ], + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ] + }, + "MSTICheckRequirements": { + "type": "object", + "description": "Represents Microsoft Threat Intelligence requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTICheckRequirementsProperties", + "description": "Microsoft Threat Intelligence requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTICheckRequirementsProperties": { + "type": "object", + "description": "Microsoft Threat Intelligence requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MSTIDataConnector": { + "type": "object", + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "microsoftEmergingThreatFeed": { + "$ref": "#/definitions/MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed", + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + } + }, + "required": [ + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "type": "object", + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MTPCheckRequirementsProperties": { + "type": "object", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MTPDataConnector": { + "type": "object", + "description": "Represents MTP (Microsoft Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPDataConnectorProperties", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Threat Protection Platforms data connector.", + "properties": { + "incidents": { + "$ref": "#/definitions/MTPDataConnectorDataTypesIncidents", + "description": "Incidents data type for Microsoft Threat Protection Platforms data connector." + }, + "alerts": { + "$ref": "#/definitions/MTPDataConnectorDataTypesAlerts", + "description": "Alerts data type for Microsoft Threat Protection Platforms data connector." + } + }, + "required": [ + "incidents" + ] + }, + "MTPDataConnectorDataTypesAlerts": { + "type": "object", + "description": "Alerts data type for Microsoft Threat Protection Platforms data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "MTPDataConnectorDataTypesIncidents": { + "type": "object", + "description": "Incidents data type for Microsoft Threat Protection Platforms data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "MTPDataConnectorProperties": { + "type": "object", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MTPDataConnectorDataTypes", + "description": "The available data types for the connector." + }, + "filteredProviders": { + "$ref": "#/definitions/MtpFilteredProviders", + "description": "The available filtered providers for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MailClusterEntity": { + "type": "object", + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "type": "object", + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "type": "array", + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "type": "string" + }, + "readOnly": true + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true + }, + "threats": { + "type": "array", + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "type": "string" + }, + "readOnly": true + }, + "query": { + "type": "string", + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true + }, + "queryTime": { + "type": "string", + "format": "date-time", + "description": "The query time", + "readOnly": true + }, + "mailCount": { + "type": "integer", + "format": "int32", + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true + }, + "isVolumeAnomaly": { + "type": "boolean", + "description": "Is this a volume anomaly mail cluster", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true + }, + "clusterSourceIdentifier": { + "type": "string", + "description": "The id of the cluster source", + "readOnly": true + }, + "clusterSourceType": { + "type": "string", + "description": "The type of the cluster source", + "readOnly": true + }, + "clusterQueryStartTime": { + "type": "string", + "format": "date-time", + "description": "The cluster query start time", + "readOnly": true + }, + "clusterQueryEndTime": { + "type": "string", + "format": "date-time", + "description": "The cluster query end time", + "readOnly": true + }, + "clusterGroup": { + "type": "string", + "description": "The cluster group", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MailMessageEntity": { + "type": "object", + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "type": "object", + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "type": "array", + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true + }, + "recipient": { + "type": "string", + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true + }, + "urls": { + "type": "array", + "description": "The Urls contained in this mail message", + "items": { + "type": "string" + }, + "readOnly": true + }, + "threats": { + "type": "array", + "description": "The threats of this mail message", + "items": { + "type": "string" + }, + "readOnly": true + }, + "p1Sender": { + "type": "string", + "description": "The p1 sender's email address", + "readOnly": true + }, + "p1SenderDisplayName": { + "type": "string", + "description": "The p1 sender's display name", + "readOnly": true + }, + "p1SenderDomain": { + "type": "string", + "description": "The p1 sender's domain", + "readOnly": true + }, + "senderIP": { + "type": "string", + "description": "The sender's IP address", + "readOnly": true + }, + "p2Sender": { + "type": "string", + "description": "The p2 sender's email address", + "readOnly": true + }, + "p2SenderDisplayName": { + "type": "string", + "description": "The p2 sender's display name", + "readOnly": true + }, + "p2SenderDomain": { + "type": "string", + "description": "The p2 sender's domain", + "readOnly": true + }, + "receiveDate": { + "type": "string", + "format": "date-time", + "description": "The receive date of this message", + "readOnly": true + }, + "networkMessageId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The network message id of this mail message", + "readOnly": true + }, + "internetMessageId": { + "type": "string", + "description": "The internet message id of this mail message", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "The subject of this mail message", + "readOnly": true + }, + "language": { + "type": "string", + "description": "The language of this mail message", + "readOnly": true + }, + "threatDetectionMethods": { + "type": "array", + "description": "The threat detection methods", + "items": { + "type": "string" + }, + "readOnly": true + }, + "bodyFingerprintBin1": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin1" + }, + "bodyFingerprintBin2": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin2" + }, + "bodyFingerprintBin3": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin3" + }, + "bodyFingerprintBin4": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin4" + }, + "bodyFingerprintBin5": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin5" + }, + "antispamDirection": { + "$ref": "#/definitions/AntispamMailDirection", + "description": "The directionality of this mail message" + }, + "deliveryAction": { + "$ref": "#/definitions/DeliveryAction", + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc" + }, + "deliveryLocation": { + "$ref": "#/definitions/DeliveryLocation", + "description": "The delivery location of this mail message like Inbox, JunkFolder etc" + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MailboxEntity": { + "type": "object", + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "type": "object", + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "type": "string", + "description": "The mailbox's primary address", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The mailbox's display name", + "readOnly": true + }, + "upn": { + "type": "string", + "description": "The mailbox's UPN", + "readOnly": true + }, + "externalDirectoryObjectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MalwareEntity": { + "type": "object", + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "type": "object", + "description": "Malware entity property bag.", + "properties": { + "category": { + "type": "string", + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true + }, + "fileEntityIds": { + "type": "array", + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "type": "string" + }, + "readOnly": true + }, + "malwareName": { + "type": "string", + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true + }, + "processEntityIds": { + "type": "array", + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ManualTriggerRequestBody": { + "type": "object", + "properties": { + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid" + }, + "logicAppsResourceId": { + "type": "string", + "format": "arm-id", + "description": "Related Analytic rule resource id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + } + }, + "required": [ + "logicAppsResourceId" + ] + }, + "MatchingMethod": { + "type": "string", + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", + "enum": [ + "AllEntities", + "AnyAlert", + "Selected" + ], + "x-ms-enum": { + "name": "MatchingMethod", + "modelAsString": true, + "values": [ + { + "name": "AllEntities", + "value": "AllEntities", + "description": "Grouping alerts into a single incident if all the entities match" + }, + { + "name": "AnyAlert", + "value": "AnyAlert", + "description": "Grouping any alerts triggered by this rule into a single incident" + }, + { + "name": "Selected", + "value": "Selected", + "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match" + } + ] + } + }, + "MetadataDependencyOperator": { + "type": "string", + "description": "Operator used for list of dependencies in criteria array.", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "name": "MetadataDependencyOperator", + "modelAsString": true, + "values": [ + { + "name": "AND", + "value": "AND", + "description": "AND" + }, + { + "name": "OR", + "value": "OR", + "description": "OR" + } + ] + } + }, + "MetadataList": { + "type": "object", + "description": "List of all the metadata.", + "properties": { + "value": { + "type": "array", + "description": "The MetadataModel items on this page", + "items": { + "$ref": "#/definitions/MetadataModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "MicrosoftPurviewInformationProtectionCheckRequirements": { + "type": "object", + "description": "Represents MicrosoftPurviewInformationProtection requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties": { + "type": "object", + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MicrosoftPurviewInformationProtectionConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Purview Information Protection data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "MicrosoftPurviewInformationProtectionConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "MicrosoftPurviewInformationProtectionDataConnector": { + "type": "object", + "description": "Represents Microsoft Purview Information Protection data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionDataConnectorProperties", + "description": "Microsoft Purview Information Protection data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionDataConnectorProperties": { + "type": "object", + "description": "Microsoft Purview Information Protection data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "type": "object", + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + } + }, + "displayNamesExcludeFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + } + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "type": "array", + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + } + } + }, + "required": [ + "productFilter" + ] + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert has been modified.", + "readOnly": true + } + }, + "required": [ + "displayName", + "enabled" + ], + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ] + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "type": "object", + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "displayNamesFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + } + }, + "displayNamesExcludeFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + } + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "type": "array", + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ] + }, + "MicrosoftSecurityProductName": { + "type": "string", + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", + "Microsoft Defender Advanced Threat Protection" + ], + "x-ms-enum": { + "name": "MicrosoftSecurityProductName", + "modelAsString": true, + "values": [ + { + "name": "Microsoft Cloud App Security", + "value": "Microsoft Cloud App Security", + "description": "Microsoft Cloud App Security" + }, + { + "name": "Azure Security Center", + "value": "Azure Security Center", + "description": "Azure Security Center" + }, + { + "name": "Azure Advanced Threat Protection", + "value": "Azure Advanced Threat Protection", + "description": "Azure Advanced Threat Protection" + }, + { + "name": "Azure Active Directory Identity Protection", + "value": "Azure Active Directory Identity Protection", + "description": "Azure Active Directory Identity Protection" + }, + { + "name": "Azure Security Center for IoT", + "value": "Azure Security Center for IoT", + "description": "Azure Security Center for IoT" + }, + { + "name": "Office 365 Advanced Threat Protection", + "value": "Office 365 Advanced Threat Protection", + "description": "Office 365 Advanced Threat Protection" + }, + { + "name": "Microsoft Defender Advanced Threat Protection", + "value": "Microsoft Defender Advanced Threat Protection", + "description": "Microsoft Defender Advanced Threat Protection" + } + ] + } + }, + "Mode": { + "type": "string", + "description": "The current mode of the workspace manager configuration", + "enum": [ + "Enabled", + "Disabled" + ], + "x-ms-enum": { + "name": "Mode", + "modelAsString": true, + "values": [ + { + "name": "Enabled", + "value": "Enabled", + "description": "The workspace manager configuration is enabled" + }, + { + "name": "Disabled", + "value": "Disabled", + "description": "The workspace manager configuration is disabled" + } + ] + } + }, + "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed": { + "type": "object", + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "lookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." + } + }, + "required": [ + "lookbackPeriod" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "MtpCheckRequirements": { + "type": "object", + "description": "Represents MTP (Microsoft Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPCheckRequirementsProperties", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MtpFilteredProviders": { + "type": "object", + "description": "Represents the connector's Filtered providers", + "properties": { + "alerts": { + "type": "array", + "description": "Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state.", + "items": { + "$ref": "#/definitions/MtpProvider" + } + } + }, + "required": [ + "alerts" + ] + }, + "MtpProvider": { + "type": "string", + "description": "The available data providers.", + "enum": [ + "microsoftDefenderForCloudApps", + "microsoftDefenderForIdentity" + ], + "x-ms-enum": { + "name": "MtpProvider", + "modelAsString": true, + "values": [ + { + "name": "microsoftDefenderForCloudApps", + "value": "microsoftDefenderForCloudApps", + "description": "microsoftDefenderForCloudApps" + }, + { + "name": "microsoftDefenderForIdentity", + "value": "microsoftDefenderForIdentity", + "description": "microsoftDefenderForIdentity" + } + ] + } + }, + "NicEntity": { + "type": "object", + "description": "Represents an network interface entity.", + "properties": { + "properties": { + "$ref": "#/definitions/NicEntityProperties", + "description": "Network interface entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Nic" + }, + "NicEntityProperties": { + "type": "object", + "description": "Nic entity property bag.", + "properties": { + "macAddress": { + "type": "string", + "description": "The MAC address of this network interface", + "readOnly": true + }, + "ipAddressEntityId": { + "type": "string", + "description": "The IP entity id of this network interface", + "readOnly": true + }, + "vlans": { + "type": "array", + "description": "A list of VLANs of the network interface entity.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "NoneAuthModel": { + "type": "object", + "description": "Model for API authentication with no authentication method - public API.", + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "None" + }, + "NrtAlertRule": { + "type": "object", + "description": "Represents NRT alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/NrtAlertRuleProperties", + "description": "NRT alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "NRT" + }, + "NrtAlertRuleProperties": { + "type": "object", + "description": "Nrt alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "templateVersion": { + "type": "string", + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>" + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + } + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule has been modified.", + "readOnly": true + }, + "suppressionDuration": { + "type": "string", + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "type": "array", + "description": "Array of the sentinel entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + } + } + }, + "required": [ + "query", + "displayName", + "enabled", + "suppressionDuration", + "suppressionEnabled", + "severity" + ] + }, + "NrtAlertRuleTemplate": { + "type": "object", + "description": "Represents NRT alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/NrtAlertRuleTemplateProperties", + "description": "NRT alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "NRT" + }, + "NrtAlertRuleTemplateProperties": { + "type": "object", + "description": "NRT alert rule template properties", + "properties": { + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule template has been updated.", + "readOnly": true + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "version": { + "type": "string", + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "type": "array", + "description": "Array of the sentinel entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + } + } + } + }, + "OAuthModel": { + "type": "object", + "description": "Model for API authentication with OAuth2.", + "properties": { + "authorizationCode": { + "type": "string", + "format": "password", + "description": "The user's authorization code.", + "x-ms-secret": true + }, + "clientSecret": { + "type": "string", + "format": "password", + "description": "The Application (client) secret that the OAuth provider assigned to your app.", + "x-ms-secret": true + }, + "clientId": { + "type": "string", + "description": "The Application (client) ID that the OAuth provider assigned to your app." + }, + "isCredentialsInHeaders": { + "type": "boolean", + "description": "Indicating whether we want to send the clientId and clientSecret to token endpoint in the headers.", + "default": false, + "x-nullable": true + }, + "scope": { + "type": "string", + "description": "The Application (client) Scope that the OAuth provider assigned to your app." + }, + "redirectUri": { + "type": "string", + "format": "uri", + "description": "The Application redirect url that the user config in the OAuth provider." + }, + "grantType": { + "type": "string", + "description": "The grant type, usually will be 'authorization code'." + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint. Defines the OAuth2 refresh token." + }, + "tokenEndpointHeaders": { + "type": "object", + "description": "The token endpoint headers.", + "additionalProperties": { + "type": "string" + } + }, + "tokenEndpointQueryParameters": { + "type": "object", + "description": "The token endpoint query parameters.", + "additionalProperties": { + "type": "string" + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint." + }, + "authorizationEndpointHeaders": { + "type": "object", + "description": "The authorization endpoint headers.", + "additionalProperties": { + "type": "string" + } + }, + "authorizationEndpointQueryParameters": { + "type": "object", + "description": "The authorization endpoint query parameters.", + "additionalProperties": { + "type": "string" + } + }, + "isJwtBearerFlow": { + "type": "boolean", + "description": "A value indicating whether it's a JWT flow." + }, + "accessTokenPrepend": { + "type": "string", + "description": "Access token prepend. Default is 'Bearer'." + } + }, + "required": [ + "clientSecret", + "clientId", + "grantType", + "tokenEndpoint" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "OAuth2" + }, + "OSFamily": { + "type": "string", + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "x-ms-enum": { + "name": "OSFamily", + "modelAsString": false, + "values": [ + { + "name": "Linux", + "value": "Linux", + "description": "Host with Linux operating system." + }, + { + "name": "Windows", + "value": "Windows", + "description": "Host with Windows operating system." + }, + { + "name": "Android", + "value": "Android", + "description": "Host with Android operating system." + }, + { + "name": "IOS", + "value": "IOS", + "description": "Host with IOS operating system." + }, + { + "name": "Unknown", + "value": "Unknown", + "description": "Host with Unknown operating system." + } + ] + } + }, + "Office365ProjectCheckRequirements": { + "type": "object", + "description": "Represents Office365 Project requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectCheckRequirementsProperties", + "description": "Office365 Project requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectCheckRequirementsProperties": { + "type": "object", + "description": "Office365 Project requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "Office365ProjectConnectorDataTypes": { + "type": "object", + "description": "The available data types for Office Microsoft Project data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/Office365ProjectConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "Office365ProjectConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "Office365ProjectDataConnector": { + "type": "object", + "description": "Represents Office Microsoft Project data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectDataConnectorProperties", + "description": "Office Microsoft Project data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectDataConnectorProperties": { + "type": "object", + "description": "Office Microsoft Project data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Office365ProjectConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "OfficeATPCheckRequirements": { + "type": "object", + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPCheckRequirementsProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPCheckRequirementsProperties": { + "type": "object", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "OfficeATPDataConnector": { + "type": "object", + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPDataConnectorProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPDataConnectorProperties": { + "type": "object", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "OfficeConsent": { + "type": "object", + "description": "Consent for Office365 tenant that already made.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeConsentProperties", + "description": "Office consent properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "OfficeConsentList": { + "type": "object", + "description": "List of all the office365 consents.", + "properties": { + "value": { + "type": "array", + "description": "The OfficeConsent items on this page", + "items": { + "$ref": "#/definitions/OfficeConsent" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "OfficeConsentProperties": { + "type": "object", + "description": "Consent property bag.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenantId of the Office365 with the consent." + }, + "consentId": { + "type": "string", + "description": "Help to easily cascade among the data layers." + } + } + }, + "OfficeDataConnector": { + "type": "object", + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesExchange", + "description": "Exchange data type connection." + }, + "sharePoint": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesSharePoint", + "description": "SharePoint data type connection." + }, + "teams": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesTeams", + "description": "Teams data type connection." + } + }, + "required": [ + "exchange", + "sharePoint", + "teams" + ] + }, + "OfficeDataConnectorDataTypesExchange": { + "type": "object", + "description": "Exchange data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorDataTypesSharePoint": { + "type": "object", + "description": "SharePoint data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorDataTypesTeams": { + "type": "object", + "description": "Teams data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorProperties": { + "type": "object", + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "OfficeIRMCheckRequirements": { + "type": "object", + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMCheckRequirementsProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMCheckRequirementsProperties": { + "type": "object", + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "OfficeIRMDataConnector": { + "type": "object", + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMDataConnectorProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMDataConnectorProperties": { + "type": "object", + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "OfficePowerBICheckRequirements": { + "type": "object", + "description": "Represents Office PowerBI requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBICheckRequirementsProperties", + "description": "Office Power BI requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBICheckRequirementsProperties": { + "type": "object", + "description": "Office PowerBI requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "OfficePowerBIConnectorDataTypes": { + "type": "object", + "description": "The available data types for Office Microsoft PowerBI data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/OfficePowerBIConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "OfficePowerBIConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficePowerBIDataConnector": { + "type": "object", + "description": "Represents Office Microsoft PowerBI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBIDataConnectorProperties", + "description": "Office Microsoft PowerBI data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBIDataConnectorProperties": { + "type": "object", + "description": "Office Microsoft PowerBI data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficePowerBIConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "Operation": { + "type": "object", + "description": "Operation provided by provider", + "properties": { + "display": { + "$ref": "#/definitions/OperationDisplay", + "description": "Properties of the operation" + }, + "name": { + "type": "string", + "description": "Name of the operation" + }, + "origin": { + "type": "string", + "description": "The origin of the operation" + }, + "isDataAction": { + "type": "boolean", + "description": "Indicates whether the operation is a data action" + } + } + }, + "OperationDisplay": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "description": { + "type": "string", + "description": "Description of the operation" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + } + } + }, + "OperationsList": { + "type": "object", + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "type": "string", + "description": "URL to fetch the next set of operations.", + "readOnly": true + }, + "value": { + "type": "array", + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "Operator": { + "type": "string", + "description": "Represents an operator in a ConditionClause.", + "enum": [ + "Equals", + "NotEquals", + "LessThan", + "LessThanEqual", + "GreaterThan", + "GreaterThanEqual", + "StringContains", + "StringNotContains", + "StringStartsWith", + "StringNotStartsWith", + "StringEndsWith", + "StringNotEndsWith", + "StringIsEmpty", + "IsNull", + "IsTrue", + "IsFalse", + "ArrayContains", + "ArrayNotContains", + "OnOrAfterRelative", + "AfterRelative", + "OnOrBeforeRelative", + "BeforeRelative", + "OnOrAfterAbsolute", + "AfterAbsolute", + "OnOrBeforeAbsolute", + "BeforeAbsolute" + ], + "x-ms-enum": { + "name": "Operator", + "modelAsString": true, + "values": [ + { + "name": "Equals", + "value": "Equals", + "description": "Equals" + }, + { + "name": "NotEquals", + "value": "NotEquals", + "description": "NotEquals" + }, + { + "name": "LessThan", + "value": "LessThan", + "description": "LessThan" + }, + { + "name": "LessThanEqual", + "value": "LessThanEqual", + "description": "LessThanEqual" + }, + { + "name": "GreaterThan", + "value": "GreaterThan", + "description": "GreaterThan" + }, + { + "name": "GreaterThanEqual", + "value": "GreaterThanEqual", + "description": "GreaterThanEqual" + }, + { + "name": "StringContains", + "value": "StringContains", + "description": "StringContains" + }, + { + "name": "StringNotContains", + "value": "StringNotContains", + "description": "StringNotContains" + }, + { + "name": "StringStartsWith", + "value": "StringStartsWith", + "description": "StringStartsWith" + }, + { + "name": "StringNotStartsWith", + "value": "StringNotStartsWith", + "description": "StringNotStartsWith" + }, + { + "name": "StringEndsWith", + "value": "StringEndsWith", + "description": "StringEndsWith" + }, + { + "name": "StringNotEndsWith", + "value": "StringNotEndsWith", + "description": "StringNotEndsWith" + }, + { + "name": "StringIsEmpty", + "value": "StringIsEmpty", + "description": "StringIsEmpty" + }, + { + "name": "IsNull", + "value": "IsNull", + "description": "IsNull" + }, + { + "name": "IsTrue", + "value": "IsTrue", + "description": "IsTrue" + }, + { + "name": "IsFalse", + "value": "IsFalse", + "description": "IsFalse" + }, + { + "name": "ArrayContains", + "value": "ArrayContains", + "description": "ArrayContains" + }, + { + "name": "ArrayNotContains", + "value": "ArrayNotContains", + "description": "ArrayNotContains" + }, + { + "name": "OnOrAfterRelative", + "value": "OnOrAfterRelative", + "description": "OnOrAfterRelative" + }, + { + "name": "AfterRelative", + "value": "AfterRelative", + "description": "AfterRelative" + }, + { + "name": "OnOrBeforeRelative", + "value": "OnOrBeforeRelative", + "description": "OnOrBeforeRelative" + }, + { + "name": "BeforeRelative", + "value": "BeforeRelative", + "description": "BeforeRelative" + }, + { + "name": "OnOrAfterAbsolute", + "value": "OnOrAfterAbsolute", + "description": "OnOrAfterAbsolute" + }, + { + "name": "AfterAbsolute", + "value": "AfterAbsolute", + "description": "AfterAbsolute" + }, + { + "name": "OnOrBeforeAbsolute", + "value": "OnOrBeforeAbsolute", + "description": "OnOrBeforeAbsolute" + }, + { + "name": "BeforeAbsolute", + "value": "BeforeAbsolute", + "description": "BeforeAbsolute" + } + ] + } + }, + "OracleAuthModel": { + "type": "object", + "description": "Model for API authentication for Oracle.", + "properties": { + "tenantId": { + "type": "string", + "description": "Oracle tenant ID" + }, + "userId": { + "type": "string", + "description": "Oracle user ID" + }, + "publicFingerprint": { + "type": "string", + "description": "Public Fingerprint" + }, + "pemFile": { + "type": "string", + "description": "Content of the PRM file" + } + }, + "required": [ + "tenantId", + "userId", + "publicFingerprint", + "pemFile" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Oracle" + }, + "OwnerType": { + "type": "string", + "description": "The type of the owner the hunt is assigned to.", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "name": "OwnerType", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "The hunt owner type is unknown" + }, + { + "name": "User", + "value": "User", + "description": "The hunt owner type is an AAD user" + }, + { + "name": "Group", + "value": "Group", + "description": "The hunt owner type is an AAD group" + } + ] + } + }, + "PackageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "PackageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, + "PermissionProviderScope": { + "type": "string", + "description": "Permission provider scope", + "enum": [ + "ResourceGroup", + "Subscription", + "Workspace" + ], + "x-ms-enum": { + "name": "PermissionProviderScope", + "modelAsString": true, + "values": [ + { + "name": "ResourceGroup", + "value": "ResourceGroup", + "description": "ResourceGroup" + }, + { + "name": "Subscription", + "value": "Subscription", + "description": "Subscription" + }, + { + "name": "Workspace", + "value": "Workspace", + "description": "Workspace" + } + ] + } + }, + "Permissions": { + "type": "object", + "description": "Permissions required for the connector", + "properties": { + "resourceProvider": { + "type": "array", + "description": "Resource provider permissions required for the connector", + "items": { + "$ref": "#/definitions/PermissionsResourceProviderItem" + }, + "x-ms-identifiers": [] + }, + "customs": { + "type": "array", + "description": "Customs permissions required for the connector", + "items": { + "$ref": "#/definitions/PermissionsCustomsItem" + }, + "x-ms-identifiers": [] + } + } + }, + "PermissionsCustomsItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/Customs" + } + ] + }, + "PermissionsResourceProviderItem": { + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ResourceProvider" + } + ] + }, + "PlaybookActionProperties": { + "type": "object", + "properties": { + "logicAppResourceId": { + "type": "string", + "format": "arm-id", + "description": "The resource id of the playbook resource.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + }, + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The tenant id of the playbook resource." + } + }, + "required": [ + "logicAppResourceId" + ] + }, + "PollingFrequency": { + "type": "string", + "description": "The polling frequency for the TAXII server.", + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "name": "PollingFrequency", + "modelAsString": true, + "values": [ + { + "name": "OnceAMinute", + "value": "OnceAMinute", + "description": "Once a minute" + }, + { + "name": "OnceAnHour", + "value": "OnceAnHour", + "description": "Once an hour" + }, + { + "name": "OnceADay", + "value": "OnceADay", + "description": "Once a day" + } + ] + } + }, + "PremiumMdtiDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Defender for Threat Intelligence Premium data connector.", + "properties": { + "connector": { + "$ref": "#/definitions/PremiumMdtiDataConnectorDataTypesConnector", + "description": "Data type for Microsoft Defender for Threat Intelligence Premium data connector." + } + }, + "required": [ + "connector" + ] + }, + "PremiumMdtiDataConnectorDataTypesConnector": { + "type": "object", + "description": "Data type for Microsoft Defender for Threat Intelligence Premium data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "PremiumMdtiDataConnectorProperties": { + "type": "object", + "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", + "properties": { + "lookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported. The date-time to begin importing the feed from, for example: 2024-01-01T00:00:00.000Z." + }, + "requiredSKUsPresent": { + "type": "boolean", + "description": "The flag to indicate whether the tenant has the premium SKU required to access this connector." + }, + "dataTypes": { + "$ref": "#/definitions/PremiumMdtiDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "lookbackPeriod", + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "PremiumMicrosoftDefenderForThreatIntelligence": { + "type": "object", + "description": "Represents Microsoft Defender for Threat Intelligence Premium data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/PremiumMdtiDataConnectorProperties", + "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "PremiumMicrosoftDefenderForThreatIntelligence" + }, + "ProcessEntity": { + "type": "object", + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "type": "object", + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "type": "string", + "description": "The account entity id running the processes.", + "readOnly": true + }, + "commandLine": { + "type": "string", + "description": "The command line used to create the process", + "readOnly": true + }, + "creationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time when the process started to run", + "readOnly": true + }, + "elevationToken": { + "$ref": "#/definitions/ElevationToken", + "description": "The elevation token associated with the process." + }, + "hostEntityId": { + "type": "string", + "description": "The host entity id on which the process was running", + "readOnly": true + }, + "hostLogonSessionEntityId": { + "type": "string", + "description": "The session entity id in which the process was running", + "readOnly": true + }, + "imageFileEntityId": { + "type": "string", + "description": "Image file entity id", + "readOnly": true + }, + "parentProcessEntityId": { + "type": "string", + "description": "The parent process entity id.", + "readOnly": true + }, + "processId": { + "type": "string", + "description": "The process ID", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "PropertyArrayChangedConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates an array property's value change", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyArrayChanged" + }, + "PropertyArrayConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates an array property's value", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyArray" + }, + "PropertyChangedConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates a property's value change", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyChanged" + }, + "PropertyConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates a property's value", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "Property" + }, + "ProviderName": { + "type": "string", + "description": "Provider name", + "enum": [ + "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", + "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", + "Microsoft.Authorization/policyAssignments" + ], + "x-ms-enum": { + "name": "ProviderName", + "modelAsString": true, + "values": [ + { + "name": "Microsoft.OperationalInsights/solutions", + "value": "Microsoft.OperationalInsights/solutions", + "description": "Microsoft.OperationalInsights/solutions" + }, + { + "name": "Microsoft.OperationalInsights/workspaces", + "value": "Microsoft.OperationalInsights/workspaces", + "description": "Microsoft.OperationalInsights/workspaces" + }, + { + "name": "Microsoft.OperationalInsights/workspaces/datasources", + "value": "Microsoft.OperationalInsights/workspaces/datasources", + "description": "Microsoft.OperationalInsights/workspaces/datasources" + }, + { + "name": "microsoft.aadiam/diagnosticSettings", + "value": "microsoft.aadiam/diagnosticSettings", + "description": "microsoft.aadiam/diagnosticSettings" + }, + { + "name": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "value": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "description": "Microsoft.OperationalInsights/workspaces/sharedKeys" + }, + { + "name": "Microsoft.Authorization/policyAssignments", + "value": "Microsoft.Authorization/policyAssignments", + "description": "Microsoft.Authorization/policyAssignments" + } + ] + } + }, + "ProviderPermissionsScope": { + "type": "string", + "description": "The scope on which the user should have permissions, in order to be able to create connections.", + "enum": [ + "Subscription", + "ResourceGroup", + "Workspace" + ], + "x-ms-enum": { + "name": "ProviderPermissionsScope", + "modelAsString": true, + "values": [ + { + "name": "Subscription", + "value": "Subscription", + "description": "Subscription" + }, + { + "name": "ResourceGroup", + "value": "ResourceGroup", + "description": "ResourceGroup" + }, + { + "name": "Workspace", + "value": "Workspace", + "description": "Workspace" + } + ] + } + }, + "ProvisioningState": { + "type": "string", + "description": "The triggered analytics rule run provisioning state", + "enum": [ + "Accepted", + "InProgress", + "Succeeded", + "Failed", + "Canceled" + ], + "x-ms-enum": { + "name": "ProvisioningState", + "modelAsString": true, + "values": [ + { + "name": "Accepted", + "value": "Accepted", + "description": "Accepted" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + }, + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + } + ] + } + }, + "PullRequest": { + "type": "object", + "description": "Information regarding pull request for protected branches.", + "properties": { + "url": { + "type": "string", + "description": "URL of pull request", + "readOnly": true + }, + "state": { + "$ref": "#/definitions/PullRequestState", + "description": "State of the pull request", + "readOnly": true + } + } + }, + "PullRequestState": { + "type": "string", + "description": "Status of the pull request.", + "enum": [ + "Open", + "Closed" + ], + "x-ms-enum": { + "name": "PullRequestState", + "modelAsString": true, + "values": [ + { + "name": "Open", + "value": "Open", + "description": "Open" + }, + { + "name": "Closed", + "value": "Closed", + "description": "Closed" + } + ] + } + }, + "PurviewAuditCheckRequirements": { + "type": "object", + "description": "Represents PurviewAudit requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/PurviewAuditCheckRequirementsProperties", + "description": "PurviewAudit requirements check properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "PurviewAudit" + }, + "PurviewAuditCheckRequirementsProperties": { + "type": "object", + "description": "PurviewAudit requirements check properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "PurviewAuditConnectorDataTypes": { + "type": "object", + "description": "The available data types for PurviewAudit data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/PurviewAuditConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "PurviewAuditConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "PurviewAuditDataConnector": { + "type": "object", + "description": "Represents PurviewAudit data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/PurviewAuditDataConnectorProperties", + "description": "PurviewAudit data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "PurviewAudit" + }, + "PurviewAuditDataConnectorProperties": { + "type": "object", + "description": "PurviewAudit data connector properties.", + "properties": { + "connectorDefinitionName": { + "type": "string", + "description": "The connector definition name (the dataConnectorDefinition resource id)." + }, + "sourceType": { + "type": "string", + "description": "The source type indicates which kind of data is relevant for this connector." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The DCR related properties." + }, + "dataTypes": { + "$ref": "#/definitions/PurviewAuditConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "Query": { + "type": "object", + "description": "Represents a query to run on the TI objects in the workspace.", + "properties": { + "condition": { + "$ref": "#/definitions/QueryCondition", + "description": "Represents a condition used to query for TI objects." + }, + "sortBy": { + "$ref": "#/definitions/QuerySortBy", + "description": "Specifies how to sort the query results." + }, + "maxPageSize": { + "type": "integer", + "format": "int32", + "description": "Represents the maximum size of the page that will be returned from the query API." + }, + "minPageSize": { + "type": "integer", + "format": "int32", + "description": "Represents the minimum size of the page that will be returned from the query API." + } + } + }, + "QueryBasedAlertRuleTemplateProperties": { + "type": "object", + "description": "Query based alert rule template base property bag.", + "properties": { + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "version": { + "type": "string", + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "type": "array", + "description": "Array of the sentinel entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + } + } + } + }, + "QueryCondition": { + "type": "object", + "description": "Represents a condition used to query for TI objects.", + "properties": { + "stixObjectType": { + "type": "string", + "description": "The STIX type for the objects returned by this query." + }, + "clauses": { + "type": "array", + "description": "The list of clauses to be evaluated in disjunction or conjunction base on the specified top level connective operator.", + "items": { + "$ref": "#/definitions/ConditionClause" + } + }, + "conditionConnective": { + "$ref": "#/definitions/Connective", + "description": "The top level connective operator for this condition." + } + }, + "required": [ + "clauses" + ] + }, + "QueryProperties": { + "type": "object", + "description": "Describes the query properties", + "properties": { + "condition": { + "$ref": "#/definitions/ConditionProperties", + "description": "Represents a condition used to query for TI objects." + } + } + }, + "QuerySortBy": { + "type": "object", + "description": "Specifies how to sort the query results.", + "properties": { + "direction": { + "$ref": "#/definitions/SortingDirection", + "description": "The direction to sort the results by." + }, + "field": { + "type": "string", + "description": "Represents the field to sort the results by." + } + } + }, + "Recommendation": { + "type": "object", + "description": "Recommendation object.", + "properties": { + "properties": { + "$ref": "#/definitions/RecommendationProperties", + "description": "Recommendation properties object.", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "RecommendationList": { + "type": "object", + "description": "A list of recommendations", + "properties": { + "value": { + "type": "array", + "description": "The Recommendation items on this page", + "items": { + "$ref": "#/definitions/Recommendation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "RecommendationPatch": { + "type": "object", + "description": "Recommendation Fields to update.", + "properties": { + "properties": { + "$ref": "#/definitions/RecommendationPatchProperties", + "description": "Recommendation Fields Properties to update." + } + } + }, + "RecommendationPatchProperties": { + "type": "object", + "description": "Recommendation Fields Properties to update.", + "properties": { + "state": { + "$ref": "#/definitions/State", + "description": "State of the recommendation." + } + } + }, + "RecommendationProperties": { + "type": "object", + "description": "Recommendation properties object.", + "properties": { + "recommendationTypeId": { + "type": "string", + "description": "Id of the recommendation type." + }, + "state": { + "$ref": "#/definitions/State", + "description": "State of the recommendation." + }, + "title": { + "type": "string", + "description": "Title of the recommendation." + }, + "description": { + "type": "string", + "description": "Description of the recommendation." + }, + "creationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time stamp (UTC) when the recommendation was created." + }, + "lastEvaluatedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time stamp (UTC) when the recommendation was last evaluated." + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time stamp (UTC) when the recommendation was last modified." + }, + "suggestions": { + "type": "array", + "description": "List of suggestions to take for this recommendation.", + "items": { + "$ref": "#/definitions/RecommendedSuggestion" + }, + "x-ms-identifiers": [] + }, + "resourceId": { + "type": "string", + "description": "Id of the resource this recommendation refers to.", + "x-nullable": true + }, + "additionalProperties": { + "type": "object", + "description": "Collection of additional properties for the recommendation.", + "x-nullable": true, + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "recommendationTypeId", + "state", + "title", + "description", + "creationTimeUtc", + "lastEvaluatedTimeUtc", + "lastModifiedTimeUtc", + "suggestions" + ] + }, + "RecommendedSuggestion": { + "type": "object", + "description": "What suggestions should be taken to complete the recommendation.", + "properties": { + "suggestionTypeId": { + "type": "string", + "description": "Id of the suggestion type." + }, + "title": { + "type": "string", + "description": "Title of the suggestion." + }, + "description": { + "type": "string", + "description": "Description of the suggestion." + }, + "action": { + "type": "string", + "description": "Action of the suggestion." + }, + "additionalProperties": { + "type": "object", + "description": "Collection of additional properties for the suggestion.", + "x-nullable": true, + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "suggestionTypeId", + "title", + "description", + "action" + ] + }, + "ReevaluateResponse": { + "type": "object", + "description": "Reevaluate response object.", + "properties": { + "lastEvaluatedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time stamp (UTC) when the recommendation was last evaluated." + } + } + }, + "RegistryHive": { + "type": "string", + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "x-ms-enum": { + "name": "RegistryHive", + "modelAsString": true, + "values": [ + { + "name": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE", + "description": "HKEY_LOCAL_MACHINE" + }, + { + "name": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT", + "description": "HKEY_CLASSES_ROOT" + }, + { + "name": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG", + "description": "HKEY_CURRENT_CONFIG" + }, + { + "name": "HKEY_USERS", + "value": "HKEY_USERS", + "description": "HKEY_USERS" + }, + { + "name": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "name": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA", + "description": "HKEY_PERFORMANCE_DATA" + }, + { + "name": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT", + "description": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "name": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT", + "description": "HKEY_PERFORMANCE_TEXT" + }, + { + "name": "HKEY_A", + "value": "HKEY_A", + "description": "HKEY_A" + }, + { + "name": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER", + "description": "HKEY_CURRENT_USER" + } + ] + } + }, + "RegistryKeyEntity": { + "type": "object", + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "type": "object", + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "$ref": "#/definitions/RegistryHive", + "description": "the hive that holds the registry key.", + "readOnly": true + }, + "key": { + "type": "string", + "description": "The registry key path.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "RegistryValueEntity": { + "type": "object", + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "type": "object", + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "type": "string", + "description": "The registry key entity id.", + "readOnly": true + }, + "valueData": { + "type": "string", + "description": "String formatted representation of the value data.", + "readOnly": true + }, + "valueName": { + "type": "string", + "description": "The registry value name.", + "readOnly": true + }, + "valueType": { + "$ref": "#/definitions/RegistryValueKind", + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "RegistryValueKind": { + "type": "string", + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "x-ms-enum": { + "name": "RegistryValueKind", + "modelAsString": true, + "values": [ + { + "name": "None", + "value": "None", + "description": "None" + }, + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown value type" + }, + { + "name": "String", + "value": "String", + "description": "String value type" + }, + { + "name": "ExpandString", + "value": "ExpandString", + "description": "ExpandString value type" + }, + { + "name": "Binary", + "value": "Binary", + "description": "Binary value type" + }, + { + "name": "DWord", + "value": "DWord", + "description": "DWord value type" + }, + { + "name": "MultiString", + "value": "MultiString", + "description": "MultiString value type" + }, + { + "name": "QWord", + "value": "QWord", + "description": "QWord value type" + } + ] + } + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "RelationList": { + "type": "object", + "description": "List of relations.", + "properties": { + "value": { + "type": "array", + "description": "The Relation items on this page", + "items": { + "$ref": "#/definitions/Relation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items", + "readOnly": true + } + }, + "required": [ + "value" + ] + }, + "RelationProperties": { + "type": "object", + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "type": "string", + "description": "The resource ID of the related resource" + }, + "relatedResourceName": { + "type": "string", + "description": "The name of the related resource", + "readOnly": true + }, + "relatedResourceType": { + "type": "string", + "description": "The resource type of the related resource", + "readOnly": true + }, + "relatedResourceKind": { + "type": "string", + "description": "The resource kind of the related resource", + "readOnly": true + } + }, + "required": [ + "relatedResourceId" + ] + }, + "Relationship": { + "type": "object", + "description": "Represents a relationship in Azure Security Insights.", + "allOf": [ + { + "$ref": "#/definitions/TIObject" + } + ], + "x-ms-discriminator-value": "Relationship" + }, + "RelationshipHint": { + "type": "object", + "description": "An object used to help follow relationships from this object to other STIX objects.", + "properties": { + "fieldName": { + "type": "string" + }, + "source": { + "type": "string" + } + } + }, + "Repo": { + "type": "object", + "description": "Represents a repository.", + "properties": { + "url": { + "type": "string", + "description": "The url to access the repository." + }, + "fullName": { + "type": "string", + "description": "The name of the repository." + }, + "installationId": { + "type": "integer", + "format": "int64", + "description": "The installation id of the repository." + }, + "branches": { + "type": "array", + "description": "Array of branches.", + "items": { + "type": "string" + } + } + } + }, + "RepoList": { + "type": "object", + "description": "List all the source controls.", + "properties": { + "value": { + "type": "array", + "description": "The Repo items on this page", + "items": { + "$ref": "#/definitions/Repo" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "RepoType": { + "type": "string", + "description": "The type of repository.", + "enum": [ + "Github", + "AzureDevOps" + ], + "x-ms-enum": { + "name": "RepoType", + "modelAsString": true, + "values": [ + { + "name": "Github", + "value": "Github", + "description": "Github" + }, + { + "name": "AzureDevOps", + "value": "AzureDevOps", + "description": "AzureDevOps" + } + ] + } + }, + "Repository": { + "type": "object", + "description": "metadata of a repository.", + "properties": { + "url": { + "type": "string", + "description": "Url of repository." + }, + "branch": { + "type": "string", + "description": "Branch name of repository." + }, + "displayUrl": { + "type": "string", + "description": "Display url of repository." + }, + "deploymentLogsUrl": { + "type": "string", + "description": "Url to access repository action logs.", + "readOnly": true + } + }, + "required": [ + "url", + "branch" + ] + }, + "RepositoryAccess": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "kind": { + "$ref": "#/definitions/RepositoryAccessKind", + "description": "The kind of repository access credentials" + }, + "code": { + "type": "string", + "format": "password", + "description": "OAuth Code. Required when `kind` is `OAuth`", + "x-ms-secret": true + }, + "state": { + "type": "string", + "format": "password", + "description": "OAuth State. Required when `kind` is `OAuth`", + "x-ms-secret": true + }, + "clientId": { + "type": "string", + "description": "OAuth ClientId. Required when `kind` is `OAuth`" + }, + "token": { + "type": "string", + "format": "password", + "description": "Personal Access Token. Required when `kind` is `PAT`", + "x-ms-secret": true + }, + "installationId": { + "type": "string", + "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." + } + }, + "required": [ + "kind" + ] + }, + "RepositoryAccessKind": { + "type": "string", + "description": "The kind of repository access credentials", + "enum": [ + "OAuth", + "PAT", + "App" + ], + "x-ms-enum": { + "name": "RepositoryAccessKind", + "modelAsString": true, + "values": [ + { + "name": "OAuth", + "value": "OAuth", + "description": "OAuth" + }, + { + "name": "PAT", + "value": "PAT", + "description": "PAT" + }, + { + "name": "App", + "value": "App", + "description": "App" + } + ] + } + }, + "RepositoryAccessObject": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess", + "description": "RepositoryAccess properties", + "x-ms-client-flatten": true + } + }, + "required": [ + "repositoryAccess" + ] + }, + "RepositoryAccessProperties": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "properties": { + "$ref": "#/definitions/RepositoryAccessObject", + "description": "RepositoryAccess properties", + "x-ms-client-flatten": true + } + }, + "required": [ + "properties" + ] + }, + "RepositoryResourceInfo": { + "type": "object", + "description": "Resources created in user's repository for the source-control.", + "properties": { + "webhook": { + "$ref": "#/definitions/Webhook", + "description": "The webhook object created for the source-control." + }, + "gitHubResourceInfo": { + "$ref": "#/definitions/GitHubResourceInfo", + "description": "Resources created in GitHub for this source-control.", + "readOnly": true + }, + "azureDevOpsResourceInfo": { + "$ref": "#/definitions/AzureDevOpsResourceInfo", + "description": "Resources created in Azure DevOps for this source-control.", + "readOnly": true + } + } + }, + "RequiredPermissions": { + "type": "object", + "description": "Required permissions for the connector", + "properties": { + "action": { + "type": "boolean", + "description": "action permission" + }, + "write": { + "type": "boolean", + "description": "write permission" + }, + "read": { + "type": "boolean", + "description": "read permission" + }, + "delete": { + "type": "boolean", + "description": "delete permission" + } + } + }, + "ResourceProvider": { + "type": "object", + "description": "Resource provider permissions required for the connector", + "properties": { + "provider": { + "$ref": "#/definitions/ProviderName", + "description": "Provider name" + }, + "permissionsDisplayText": { + "type": "string", + "description": "Permission description text" + }, + "providerDisplayName": { + "type": "string", + "description": "Permission provider display name" + }, + "scope": { + "$ref": "#/definitions/PermissionProviderScope", + "description": "Permission provider scope" + }, + "requiredPermissions": { + "$ref": "#/definitions/RequiredPermissions", + "description": "Required permissions for the connector" + } + } + }, + "ResourceProviderRequiredPermissions": { + "type": "object", + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\nFor more information about the permissions see here.", + "properties": { + "read": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is read action (GET)." + }, + "write": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH)." + }, + "delete": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is delete action (DELETE)." + }, + "action": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is custom actions (POST)." + } + } + }, + "ResourceWithEtag": { + "type": "object", + "description": "An azure resource object with an Etag property", + "properties": { + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" + } + ] + }, + "RestApiPollerDataConnector": { + "type": "object", + "description": "Represents Rest Api Poller data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/RestApiPollerDataConnectorProperties", + "description": "Rest Api Poller data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "RestApiPoller" + }, + "RestApiPollerDataConnectorProperties": { + "type": "object", + "description": "Rest Api Poller data connector properties.", + "properties": { + "connectorDefinitionName": { + "type": "string", + "description": "The connector definition name (the dataConnectorDefinition resource id)." + }, + "auth": { + "$ref": "#/definitions/CcpAuthConfig", + "description": "The a authentication model." + }, + "request": { + "$ref": "#/definitions/RestApiPollerRequestConfig", + "description": "The request configuration." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The DCR related properties." + }, + "isActive": { + "type": "boolean", + "description": "Indicates whether the connector is active or not." + }, + "dataType": { + "type": "string", + "description": "The Log Analytics table destination." + }, + "response": { + "$ref": "#/definitions/CcpResponseConfig", + "description": "The response configuration." + }, + "paging": { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig", + "description": "The paging configuration." + }, + "addOnAttributes": { + "type": "object", + "description": "The add on attributes. The key name will become attribute name (a column) and the value will become the attribute value in the payload.", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "connectorDefinitionName", + "auth", + "request" + ] + }, + "RestApiPollerRequestConfig": { + "type": "object", + "description": "The request configuration.", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "The API endpoint." + }, + "rateLimitQPS": { + "type": "integer", + "format": "int32", + "description": "The Rate limit queries per second for the request..", + "x-nullable": true + }, + "queryWindowInMin": { + "type": "integer", + "format": "int32", + "description": "The query window in minutes for the request.", + "x-nullable": true + }, + "httpMethod": { + "$ref": "#/definitions/HttpMethodVerb", + "description": "The HTTP method, default value GET." + }, + "queryTimeFormat": { + "type": "string", + "description": "The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate what is the expected time format the remote server know to parse." + }, + "retryCount": { + "type": "integer", + "format": "int32", + "description": "The retry count.", + "x-nullable": true + }, + "timeoutInSeconds": { + "type": "integer", + "format": "int32", + "description": "The timeout in seconds.", + "x-nullable": true + }, + "isPostPayloadJson": { + "type": "boolean", + "description": "Flag to indicate if HTTP POST payload is in JSON format (vs form-urlencoded).", + "x-nullable": true + }, + "headers": { + "type": "object", + "description": "The header for the request for the remote server.", + "additionalProperties": { + "type": "string" + } + }, + "queryParameters": { + "type": "object", + "description": "The HTTP query parameters to RESTful API.", + "additionalProperties": {} + }, + "queryParametersTemplate": { + "type": "string", + "description": "the query parameters template. Defines the query parameters template to use when passing query parameters in advanced scenarios." + }, + "startTimeAttributeName": { + "type": "string", + "description": "The query parameter name which the remote server expect to start query. This property goes hand to hand with `endTimeAttributeName`." + }, + "endTimeAttributeName": { + "type": "string", + "description": "The query parameter name which the remote server expect to end query. This property goes hand to hand with `startTimeAttributeName`" + }, + "queryTimeIntervalAttributeName": { + "type": "string", + "description": "The query parameter name which we need to send the server for query logs in time interval. Should be defined with `queryTimeIntervalPrepend` and `queryTimeIntervalDelimiter`" + }, + "queryTimeIntervalPrepend": { + "type": "string", + "description": "The string prepend to the value of the query parameter in `queryTimeIntervalAttributeName`." + }, + "queryTimeIntervalDelimiter": { + "type": "string", + "description": "The delimiter string between 2 QueryTimeFormat in the query parameter `queryTimeIntervalAttributeName`." + } + }, + "required": [ + "apiEndpoint" + ] + }, + "RestApiPollerRequestPagingConfig": { + "type": "object", + "description": "The request paging configuration.", + "properties": { + "pagingType": { + "$ref": "#/definitions/RestApiPollerRequestPagingKind", + "description": "Type of paging" + }, + "pageSize": { + "type": "integer", + "format": "int32", + "description": "Page size" + }, + "pageSizeParameterName": { + "type": "string", + "description": "Page size parameter name" + } + }, + "required": [ + "pagingType" + ] + }, + "RestApiPollerRequestPagingCountBaseConfig": { + "type": "object", + "description": "The request paging configuration for Count base paging type parameters.", + "properties": { + "zeroBasedIndexing": { + "type": "boolean", + "description": "Indicates whether the count is zero based" + }, + "pageCountJsonPath": { + "type": "string", + "description": "JSON path of page count in HTTP response payload" + }, + "pageNumberParaName": { + "type": "string", + "description": "Parameter name of page number in HTTP request" + }, + "pageNumberJsonPath": { + "type": "string", + "description": "JSON path of page number in HTTP response payload" + }, + "totalResultsJsonPath": { + "type": "string", + "description": "JSON path of total number of results in HTTP response payload" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingKind": { + "type": "string", + "description": "Type of paging", + "enum": [ + "LinkHeader", + "NextPageToken", + "NextPageUrl", + "PersistentToken", + "PersistentLinkHeader", + "Offset", + "CountBasedPaging" + ], + "x-ms-enum": { + "name": "RestApiPollerRequestPagingKind", + "modelAsString": true, + "values": [ + { + "name": "LinkHeader", + "value": "LinkHeader", + "description": "LinkHeader" + }, + { + "name": "NextPageToken", + "value": "NextPageToken", + "description": "NextPageToken" + }, + { + "name": "NextPageUrl", + "value": "NextPageUrl", + "description": "NextPageUrl" + }, + { + "name": "PersistentToken", + "value": "PersistentToken", + "description": "PersistentToken" + }, + { + "name": "PersistentLinkHeader", + "value": "PersistentLinkHeader", + "description": "PersistentLinkHeader" + }, + { + "name": "Offset", + "value": "Offset", + "description": "Offset" + }, + { + "name": "CountBasedPaging", + "value": "CountBasedPaging", + "description": "CountBasedPaging" + } + ] + } + }, + "RestApiPollerRequestPagingLinkHeaderConfig": { + "type": "object", + "description": "The request paging configuration for LinkHeader and PersistentLinkHeader paging type parameters.", + "properties": { + "linkHeaderTokenJsonPath": { + "type": "string", + "description": "JSON path of link header token in HTTP response payload" + }, + "linkHeaderRelLinkName": { + "type": "string", + "description": "Rel link name from the link header" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingNextPageUrlConfig": { + "type": "object", + "description": "The request paging configuration for NextPageUrl paging type parameters.", + "properties": { + "nextPageUrl": { + "type": "string", + "description": "Next page URL" + }, + "nextPageUrlQueryParameters": { + "type": "object", + "description": "Query parameters of next page URL", + "additionalProperties": { + "type": "string" + } + }, + "nextPageUrlQueryParametersTemplate": { + "type": "string", + "description": "Paging query parameters in string template format" + }, + "nextPageParaName": { + "type": "string", + "description": "Next page parameter name in HTTP request" + }, + "nextPageRequestHeader": { + "type": "string", + "description": "Next page header name in the request" + }, + "hasNextFlagJsonPath": { + "type": "string", + "description": "JSON path of flag in HTTP response payload to indicate more pages" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingOffsetConfig": { + "type": "object", + "description": "The request paging configuration for Offset paging type parameters.", + "properties": { + "offsetParaName": { + "type": "string", + "description": "Offset parameter name in HTTP request" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingTokenConfig": { + "type": "object", + "description": "The request paging configuration for NextPageToken and PersistentToken paging type parameters.", + "properties": { + "nextPageTokenJsonPath": { + "type": "string", + "description": "JSON path of next page token in HTTP response payload" + }, + "hasNextFlagJsonPath": { + "type": "string", + "description": "JSON path of flag in HTTP response payload to indicate more pages" + }, + "nextPageTokenResponseHeader": { + "type": "string", + "description": "HTTP response header name of next page token" + }, + "nextPageParaName": { + "type": "string", + "description": "Next page parameter name in HTTP request" + }, + "nextPageRequestHeader": { + "type": "string", + "description": "Next page header name in the request" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "SampleQueries": { + "type": "object", + "description": "The sample queries for the connector", + "properties": { + "description": { + "type": "string", + "description": "The sample query description" + }, + "query": { + "type": "string", + "description": "the sample query" + } + } + }, + "SapSolutionUsageStatistic": { + "type": "object", + "description": "Billing statistic about the Microsoft Sentinel solution for SAP Usage", + "properties": { + "properties": { + "$ref": "#/definitions/SapSolutionUsageStatisticProperties", + "description": "The SAP solution usage object", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/BillingStatistic" + } + ], + "x-ms-discriminator-value": "SapSolutionUsage" + }, + "SapSolutionUsageStatisticProperties": { + "type": "object", + "description": "Properties of the billing statistic about the Microsoft Sentinel solution for SAP usage", + "properties": { + "activeSystemIdCount": { + "type": "integer", + "format": "int64", + "description": "The latest count of active SAP system IDs under the Microsoft Sentinel solution for SAP Usage", + "readOnly": true + } + } + }, + "ScheduledAlertRule": { + "type": "object", + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "type": "object", + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "type": "array", + "description": "Array of the sentinel entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + } + } + } + }, + "ScheduledAlertRuleProperties": { + "type": "object", + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "templateVersion": { + "type": "string", + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>" + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule has been modified.", + "readOnly": true + }, + "suppressionDuration": { + "type": "string", + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + } + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "suppressionDuration", + "suppressionEnabled" + ], + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ] + }, + "ScheduledAlertRuleTemplate": { + "type": "object", + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleTemplateProperties": { + "type": "object", + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template was last updated.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + } + }, + "version": { + "type": "string", + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>." + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "type": "array", + "description": "Array of the sentinel entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + } + } + } + }, + "SecurityAlert": { + "type": "object", + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "type": "object", + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "type": "string", + "description": "The display name of the alert.", + "readOnly": true + }, + "alertType": { + "type": "string", + "description": "The type name of the alert.", + "readOnly": true + }, + "compromisedEntity": { + "type": "string", + "description": "Display name of the main entity being reported on.", + "readOnly": true + }, + "confidenceLevel": { + "$ref": "#/definitions/ConfidenceLevel", + "description": "The confidence level of this alert.", + "readOnly": true + }, + "confidenceReasons": { + "type": "array", + "description": "The confidence reasons", + "items": { + "$ref": "#/definitions/SecurityAlertPropertiesConfidenceReasonsItem" + }, + "readOnly": true, + "x-ms-identifiers": [] + }, + "confidenceScore": { + "type": "number", + "format": "double", + "description": "The confidence score of the alert.", + "readOnly": true + }, + "confidenceScoreStatus": { + "$ref": "#/definitions/ConfidenceScoreStatus", + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Alert description.", + "readOnly": true + }, + "endTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "readOnly": true + }, + "intent": { + "$ref": "#/definitions/KillChainIntent", + "description": "Holds the alert intent stage(s) mapping for this alert.", + "readOnly": true + }, + "providerAlertId": { + "type": "string", + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true + }, + "processingEndTime": { + "type": "string", + "format": "date-time", + "description": "The time the alert was made available for consumption.", + "readOnly": true + }, + "productComponentName": { + "type": "string", + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true + }, + "productName": { + "type": "string", + "description": "The name of the product which published this alert.", + "readOnly": true + }, + "productVersion": { + "type": "string", + "description": "The version of the product generating the alert.", + "readOnly": true + }, + "remediationSteps": { + "type": "array", + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity of the alert" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "readOnly": true + }, + "status": { + "$ref": "#/definitions/AlertStatus", + "description": "The lifecycle status of the alert.", + "readOnly": true + }, + "systemAlertId": { + "type": "string", + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "timeGenerated": { + "type": "string", + "format": "date-time", + "description": "The time the alert was generated.", + "readOnly": true + }, + "vendorName": { + "type": "string", + "description": "The name of the vendor that raise the alert.", + "readOnly": true + }, + "alertLink": { + "type": "string", + "description": "The uri link of the alert.", + "readOnly": true + }, + "resourceIdentifiers": { + "type": "array", + "description": "The list of resource identifiers of the alert.", + "items": {}, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SecurityAlertPropertiesConfidenceReasonsItem": { + "type": "object", + "description": "confidence reason item", + "properties": { + "reason": { + "type": "string", + "description": "The reason's description", + "readOnly": true + }, + "reasonType": { + "type": "string", + "description": "The type (category) of the reason", + "readOnly": true + } + } + }, + "SecurityAlertTimelineItem": { + "type": "object", + "description": "Represents security alert timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The alert azure resource id." + }, + "productName": { + "type": "string", + "description": "The alert product name." + }, + "description": { + "type": "string", + "description": "The alert description." + }, + "displayName": { + "type": "string", + "description": "The alert name." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The alert severity." + }, + "endTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The alert end time." + }, + "startTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The alert start time." + }, + "timeGenerated": { + "type": "string", + "format": "date-time", + "description": "The alert generated time." + }, + "alertType": { + "type": "string", + "description": "The name of the alert type." + }, + "intent": { + "$ref": "#/definitions/KillChainIntent", + "description": "The intent of the alert.", + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert.", + "items": { + "type": "string" + } + } + }, + "required": [ + "azureResourceId", + "displayName", + "severity", + "endTimeUtc", + "startTimeUtc", + "timeGenerated", + "alertType" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityGroupEntity": { + "type": "object", + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "type": "object", + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "type": "string", + "description": "The group distinguished name", + "readOnly": true + }, + "objectGuid": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "readOnly": true + }, + "sid": { + "type": "string", + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SecurityMLAnalyticsSetting": { + "type": "object", + "description": "Security ML Analytics Setting", + "properties": { + "kind": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SecurityMLAnalyticsSettingsDataSource": { + "type": "object", + "description": "security ml analytics settings data sources", + "properties": { + "connectorId": { + "type": "string", + "description": "The connector id that provides the following data types" + }, + "dataTypes": { + "type": "array", + "description": "The data types used by the security ml analytics settings", + "items": { + "type": "string" + } + } + } + }, + "SecurityMLAnalyticsSettingsKind": { + "type": "string", + "description": "The kind of security ML analytics settings", + "enum": [ + "Anomaly" + ], + "x-ms-enum": { + "name": "SecurityMLAnalyticsSettingsKind", + "modelAsString": true, + "values": [ + { + "name": "Anomaly", + "value": "Anomaly", + "description": "Anomaly" + } + ] + } + }, + "SecurityMLAnalyticsSettingsList": { + "type": "object", + "description": "List all the SecurityMLAnalyticsSettings", + "properties": { + "value": { + "type": "array", + "description": "The SecurityMLAnalyticsSetting items on this page", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "SentinelEntityMapping": { + "type": "object", + "description": "A single sentinel entity mapping", + "properties": { + "columnName": { + "type": "string", + "description": "the column name to be mapped to the SentinelEntities" + } + } + }, + "SentinelOnboardingState": { + "type": "object", + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SentinelOnboardingStateProperties": { + "type": "object", + "description": "The Sentinel onboarding state properties", + "properties": { + "customerManagedKey": { + "type": "boolean", + "description": "Flag that indicates the status of the CMK setting" + } + } + }, + "SentinelOnboardingStatesList": { + "type": "object", + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "type": "array", + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + } + } + }, + "required": [ + "value" + ] + }, + "ServicePrincipal": { + "type": "object", + "description": "Service principal metadata.", + "properties": { + "id": { + "type": "string", + "description": "Id of service principal.", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "Tenant id of service principal.", + "readOnly": true + }, + "appId": { + "type": "string", + "description": "App id of service principal.", + "readOnly": true + }, + "credentialsExpireOn": { + "type": "string", + "format": "date-time", + "description": "Expiration time of service principal credentials." + } + } + }, + "SessionAuthModel": { + "type": "object", + "description": "Model for API authentication with session cookie.", + "properties": { + "userName": { + "type": "object", + "description": "The user name attribute key value.", + "additionalProperties": { + "type": "string" + } + }, + "password": { + "type": "object", + "format": "password", + "description": "The password attribute name.", + "additionalProperties": { + "type": "string" + }, + "x-ms-secret": true + }, + "queryParameters": { + "type": "object", + "description": "Query parameters to session service endpoint.", + "additionalProperties": {} + }, + "isPostPayloadJson": { + "type": "boolean", + "description": "Indicating whether API key is set in HTTP POST payload.", + "x-nullable": true + }, + "headers": { + "type": "object", + "description": "HTTP request headers to session service endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "sessionTimeoutInMinutes": { + "type": "integer", + "format": "int32", + "description": "Session timeout in minutes.", + "x-nullable": true + }, + "sessionIdName": { + "type": "string", + "description": "Session id attribute name from HTTP response header." + }, + "sessionLoginRequestUri": { + "type": "string", + "description": "HTTP request URL to session service endpoint." + } + }, + "required": [ + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Session" + }, + "SettingKind": { + "type": "string", + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "x-ms-enum": { + "name": "SettingKind", + "modelAsString": true, + "values": [ + { + "name": "Anomalies", + "value": "Anomalies", + "description": "Anomalies" + }, + { + "name": "EyesOn", + "value": "EyesOn", + "description": "EyesOn" + }, + { + "name": "EntityAnalytics", + "value": "EntityAnalytics", + "description": "EntityAnalytics" + }, + { + "name": "Ueba", + "value": "Ueba", + "description": "Ueba" + } + ] + } + }, + "SettingList": { + "type": "object", + "description": "List of all the settings.", + "properties": { + "value": { + "type": "array", + "description": "The Settings items on this page", + "items": { + "$ref": "#/definitions/Settings" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "SettingType": { + "type": "string", + "description": "The kind of the setting", + "enum": [ + "CopyableLabel", + "InstructionStepsGroup", + "InfoMessage" + ], + "x-ms-enum": { + "name": "SettingType", + "modelAsString": true, + "values": [ + { + "name": "CopyableLabel", + "value": "CopyableLabel", + "description": "CopyableLabel" + }, + { + "name": "InstructionStepsGroup", + "value": "InstructionStepsGroup", + "description": "InstructionStepsGroup" + }, + { + "name": "InfoMessage", + "value": "InfoMessage", + "description": "InfoMessage" + } + ] + } + }, + "Settings": { + "type": "object", + "description": "The Setting.", + "properties": { + "kind": { + "$ref": "#/definitions/SettingKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SettingsStatus": { + "type": "string", + "description": "The anomaly SecurityMLAnalyticsSettings status", + "enum": [ + "Production", + "Flighting" + ], + "x-ms-enum": { + "name": "SettingsStatus", + "modelAsString": true, + "values": [ + { + "name": "Production", + "value": "Production", + "description": "Anomaly settings status in Production mode" + }, + { + "name": "Flighting", + "value": "Flighting", + "description": "Anomaly settings status in Flighting mode" + } + ] + } + }, + "SortingDirection": { + "type": "string", + "description": "The direction to sort the results by.", + "enum": [ + "ASC", + "DESC" + ], + "x-ms-enum": { + "name": "SortingDirection", + "modelAsString": true, + "values": [ + { + "name": "ASC", + "value": "ASC", + "description": "Indicates that the query should be sorted from lowest-to-highest value." + }, + { + "name": "DESC", + "value": "DESC", + "description": "Indicates that the query should be sorted from lowest-to-highest value." + } + ] + } + }, + "SourceControl": { + "type": "object", + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/SourceControlProperties", + "description": "source control properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SourceControlList": { + "type": "object", + "description": "List all the source controls.", + "properties": { + "value": { + "type": "array", + "description": "The SourceControl items on this page", + "items": { + "$ref": "#/definitions/SourceControl" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "SourceControlProperties": { + "type": "object", + "description": "Describes source control properties", + "properties": { + "id": { + "type": "string", + "description": "The id (a Guid) of the source control", + "readOnly": true + }, + "version": { + "$ref": "#/definitions/Version", + "description": "The version number associated with the source control", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name of the source control" + }, + "description": { + "type": "string", + "description": "A description of the source control" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control" + }, + "contentTypes": { + "type": "array", + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + } + }, + "repository": { + "$ref": "#/definitions/Repository", + "description": "Repository metadata." + }, + "servicePrincipal": { + "$ref": "#/definitions/ServicePrincipal", + "description": "Service principal metadata." + }, + "workloadIdentityFederation": { + "$ref": "#/definitions/WorkloadIdentityFederation", + "description": "Workload Identity metadata.", + "readOnly": true + }, + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess", + "description": "Repository access credentials. This is write-only object and it never returns back to a user.", + "x-ms-mutability": [ + "update", + "create" + ] + }, + "repositoryResourceInfo": { + "$ref": "#/definitions/RepositoryResourceInfo", + "description": "Information regarding the resources created in user's repository." + }, + "lastDeploymentInfo": { + "$ref": "#/definitions/DeploymentInfo", + "description": "Information regarding the latest deployment for the source control.", + "readOnly": true + }, + "pullRequest": { + "$ref": "#/definitions/PullRequest", + "description": "Information regarding the pull request of the source control.", + "readOnly": true + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ] + }, + "SourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "SourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "SourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "SourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, + "State": { + "type": "string", + "description": "State of recommendation.", + "enum": [ + "Active", + "InProgress", + "Dismissed", + "CompletedByUser", + "CompletedBySystem" + ], + "x-ms-enum": { + "name": "State", + "modelAsString": true, + "values": [ + { + "name": "Active", + "value": "Active", + "description": "Recommendation is active." + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "Recommendation is in progress." + }, + { + "name": "Dismissed", + "value": "Dismissed", + "description": "Recommendation has been dismissed." + }, + { + "name": "CompletedByUser", + "value": "CompletedByUser", + "description": "Recommendation has been completed by user." + }, + { + "name": "CompletedBySystem", + "value": "CompletedBySystem", + "description": "Recommendation has been completed by the system." + } + ] + } + }, + "Status": { + "type": "string", + "description": "The status of the hunt.", + "enum": [ + "New", + "Active", + "Closed", + "Backlog", + "Approved", + "Succeeded", + "Failed", + "InProgress" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "New" + }, + { + "name": "Active", + "value": "Active", + "description": "Active" + }, + { + "name": "Closed", + "value": "Closed", + "description": "Closed" + }, + { + "name": "Backlog", + "value": "Backlog", + "description": "Backlog" + }, + { + "name": "Approved", + "value": "Approved", + "description": "Approved" + }, + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + } + ] + } + }, + "SubmissionMailEntity": { + "type": "object", + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "type": "object", + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The network message id of email to which submission belongs", + "readOnly": true + }, + "submissionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The submission id", + "readOnly": true + }, + "submitter": { + "type": "string", + "description": "The submitter", + "readOnly": true + }, + "submissionDate": { + "type": "string", + "format": "date-time", + "description": "The submission date", + "readOnly": true + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "The Time stamp when the message is received (Mail)", + "readOnly": true + }, + "recipient": { + "type": "string", + "description": "The recipient of the mail", + "readOnly": true + }, + "sender": { + "type": "string", + "description": "The sender of the mail", + "readOnly": true + }, + "senderIp": { + "type": "string", + "description": "The sender's IP", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "The subject of submission mail", + "readOnly": true + }, + "reportType": { + "type": "string", + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SupportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "SupportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, + "TICheckRequirements": { + "type": "object", + "description": "Threat Intelligence Platforms data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TICheckRequirementsProperties", + "description": "Threat Intelligence Platforms data connector check required properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TICheckRequirementsProperties": { + "type": "object", + "description": "Threat Intelligence Platforms data connector required properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "TIDataConnector": { + "type": "object", + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "$ref": "#/definitions/TIDataConnectorDataTypesIndicators", + "description": "Data type for indicators connection." + } + }, + "required": [ + "indicators" + ] + }, + "TIDataConnectorDataTypesIndicators": { + "type": "object", + "description": "Data type for indicators connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "TIDataConnectorProperties": { + "type": "object", + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported.", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "TIObject": { + "type": "object", + "description": "Represents a threat intelligence object in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/TIObjectCommonProperties", + "description": "The properties of the TI object", + "x-ms-client-flatten": true + }, + "kind": { + "$ref": "#/definitions/TIObjectKind", + "description": "The kind of the TI object" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" + } + ] + }, + "TIObjectCommonProperties": { + "type": "object", + "description": "Describes properties common to all threat intelligence objects", + "properties": { + "data": { + "type": "object", + "description": "The core STIX object that this TI object represents.", + "additionalProperties": {}, + "readOnly": true + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "The UserInfo of the user/entity which originally created this TI object.", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source name for this TI object.", + "readOnly": true + }, + "firstIngestedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The timestamp for the first time this object was ingested.", + "readOnly": true + }, + "lastIngestedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The timestamp for the last time this object was ingested.", + "readOnly": true + }, + "ingestionRulesVersion": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The ID of the rules version that was active when this TI object was last ingested.", + "readOnly": true + }, + "lastUpdateMethod": { + "type": "string", + "description": "The name of the method/application that initiated the last write to this TI object.", + "readOnly": true + }, + "lastModifiedBy": { + "$ref": "#/definitions/UserInfo", + "description": "The UserInfo of the user/entity which last modified this TI object.", + "readOnly": true + }, + "lastUpdatedDateTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The timestamp for the last time this TI object was updated.", + "readOnly": true + }, + "relationshipHints": { + "type": "array", + "description": "A dictionary used to help follow relationships from this object to other STIX objects. The keys are field names from the STIX object (in the 'data' field), and the values are lists of sources that can be prepended to the object ID in order to efficiently locate the target TI object.", + "items": { + "$ref": "#/definitions/RelationshipHint" + }, + "readOnly": true + } + } + }, + "TIObjectKind": { + "type": "string", + "description": "The kind of the TI object", + "enum": [ + "AttackPattern", + "Identity", + "Indicator", + "Relationship", + "ThreatActor" + ], + "x-ms-enum": { + "name": "TIObjectKind", + "modelAsString": true, + "values": [ + { + "name": "AttackPattern", + "value": "AttackPattern", + "description": "A TI object that represents an attack pattern." + }, + { + "name": "Identity", + "value": "Identity", + "description": "A TI object that represents an identity." + }, + { + "name": "Indicator", + "value": "Indicator", + "description": "A TI object that represents an indicator." + }, + { + "name": "Relationship", + "value": "Relationship", + "description": "A TI object that represents a relationship between two TI objects." + }, + { + "name": "ThreatActor", + "value": "ThreatActor", + "description": "A TI object that represents a threat actor." + } + ] + } + }, + "TeamInformation": { + "type": "object", + "description": "Describes team information", + "properties": { + "teamId": { + "type": "string", + "description": "Team ID", + "readOnly": true + }, + "primaryChannelUrl": { + "type": "string", + "description": "The primary channel URL of the team", + "readOnly": true + }, + "teamCreationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the team was created", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the team", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the team", + "readOnly": true + } + } + }, + "TeamProperties": { + "type": "object", + "description": "Describes team properties", + "properties": { + "teamName": { + "type": "string", + "description": "The name of the team" + }, + "teamDescription": { + "type": "string", + "description": "The description of the team" + }, + "groupIds": { + "type": "array", + "description": "List of group IDs to add their members to the team", + "items": { + "$ref": "#/definitions/Azure.Core.uuid" + } + }, + "memberIds": { + "type": "array", + "description": "List of member IDs to add to the team", + "items": { + "$ref": "#/definitions/Azure.Core.uuid" + } + } + }, + "required": [ + "teamName" + ] + }, + "TemplateBaseProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + } + } + }, + "TemplateStatus": { + "type": "string", + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "x-ms-enum": { + "name": "TemplateStatus", + "modelAsString": true, + "values": [ + { + "name": "Installed", + "value": "Installed", + "description": "Alert rule template installed. and can not use more then once" + }, + { + "name": "Available", + "value": "Available", + "description": "Alert rule template is available." + }, + { + "name": "NotAvailable", + "value": "NotAvailable", + "description": "Alert rule template is not available" + } + ] + } + }, + "ThreatActor": { + "type": "object", + "description": "Represents a threat actor in Azure Security Insights.", + "allOf": [ + { + "$ref": "#/definitions/TIObject" + } + ], + "x-ms-discriminator-value": "ThreatActor" + }, + "ThreatIntelligenceAlertRule": { + "type": "object", + "description": "Represents Threat Intelligence alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties", + "description": "Threat Intelligence alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleProperties": { + "type": "object", + "description": "Threat Intelligence alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule.", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert has been modified.", + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + }, + "subTechniques": { + "type": "array", + "description": "The sub-techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ] + }, + "ThreatIntelligenceAlertRuleTemplate": { + "type": "object", + "description": "Represents Threat Intelligence alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleTemplateProperties", + "description": "Threat Intelligence alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleTemplateProperties": { + "type": "object", + "description": "Threat Intelligence alert rule template properties", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + } + }, + "required": [ + "severity" + ], + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ] + }, + "ThreatIntelligenceAppendTags": { + "type": "object", + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "type": "array", + "description": "List of tags to be appended.", + "items": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceCount": { + "type": "object", + "description": "Count of all the threat intelligence objects on the workspace that match the provided query.", + "properties": { + "count": { + "type": "integer", + "format": "int32", + "description": "Count of all the threat intelligence objects on the workspace that match the provided query.", + "readOnly": true + } + }, + "required": [ + "count" + ] + }, + "ThreatIntelligenceExternalReference": { + "type": "object", + "description": "Describes external reference", + "properties": { + "description": { + "type": "string", + "description": "External reference description" + }, + "externalId": { + "type": "string", + "description": "External reference ID" + }, + "sourceName": { + "type": "string", + "description": "External reference source name" + }, + "url": { + "type": "string", + "description": "External reference URL" + }, + "hashes": { + "type": "object", + "description": "External reference hashes", + "additionalProperties": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceFilteringCriteria": { + "type": "object", + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "type": "integer", + "format": "int32", + "description": "Page size" + }, + "minConfidence": { + "type": "integer", + "format": "int32", + "description": "Minimum confidence." + }, + "maxConfidence": { + "type": "integer", + "format": "int32", + "description": "Maximum confidence." + }, + "minValidUntil": { + "type": "string", + "description": "Start time for ValidUntil filter." + }, + "maxValidUntil": { + "type": "string", + "description": "End time for ValidUntil filter." + }, + "includeDisabled": { + "type": "boolean", + "description": "Parameter to include/exclude disabled indicators." + }, + "sortBy": { + "type": "array", + "description": "Columns to sort by and sorting order", + "items": { + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "x-ms-identifiers": [] + }, + "sources": { + "type": "array", + "description": "Sources of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "patternTypes": { + "type": "array", + "description": "Pattern types", + "items": { + "type": "string" + } + }, + "threatTypes": { + "type": "array", + "description": "Threat types of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "ids": { + "type": "array", + "description": "Ids of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "keywords": { + "type": "array", + "description": "Keywords for searching threat intelligence indicators", + "items": { + "type": "string" + } + }, + "skipToken": { + "type": "string", + "description": "Skip token." + } + } + }, + "ThreatIntelligenceGranularMarkingModel": { + "type": "object", + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "type": "string", + "description": "Language granular marking model" + }, + "markingRef": { + "type": "integer", + "format": "int32", + "description": "marking reference granular marking model" + }, + "selectors": { + "type": "array", + "description": "granular marking model selectors", + "items": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceIndicatorModel": { + "type": "object", + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceIndicatorProperties": { + "type": "object", + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "type": "array", + "description": "List of tags", + "items": { + "type": "string" + } + }, + "lastUpdatedTimeUtc": { + "type": "string", + "description": "Last updated time in UTC" + }, + "source": { + "type": "string", + "description": "Source of a threat intelligence entity" + }, + "displayName": { + "type": "string", + "description": "Display name of a threat intelligence entity" + }, + "description": { + "type": "string", + "description": "Description of a threat intelligence entity" + }, + "indicatorTypes": { + "type": "array", + "description": "Indicator types of threat intelligence entities", + "items": { + "type": "string" + } + }, + "pattern": { + "type": "string", + "description": "Pattern of a threat intelligence entity" + }, + "patternType": { + "type": "string", + "description": "Pattern type of a threat intelligence entity" + }, + "patternVersion": { + "type": "string", + "description": "Pattern version of a threat intelligence entity" + }, + "killChainPhases": { + "type": "array", + "description": "Kill chain phases", + "items": { + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "x-ms-identifiers": [] + }, + "parsedPattern": { + "type": "array", + "description": "Parsed patterns", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "x-ms-identifiers": [] + }, + "externalId": { + "type": "string", + "description": "External ID of threat intelligence entity" + }, + "createdByRef": { + "type": "string", + "description": "Created by reference of threat intelligence entity" + }, + "defanged": { + "type": "boolean", + "description": "Is threat intelligence entity defanged" + }, + "externalLastUpdatedTimeUtc": { + "type": "string", + "description": "External last updated time in UTC" + }, + "externalReferences": { + "type": "array", + "description": "External References", + "items": { + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "x-ms-identifiers": [] + }, + "granularMarkings": { + "type": "array", + "description": "Granular Markings", + "items": { + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "x-ms-identifiers": [] + }, + "labels": { + "type": "array", + "description": "Labels of threat intelligence entity", + "items": { + "type": "string" + } + }, + "revoked": { + "type": "boolean", + "description": "Is threat intelligence entity revoked" + }, + "confidence": { + "type": "integer", + "format": "int32", + "description": "Confidence of threat intelligence entity" + }, + "objectMarkingRefs": { + "type": "array", + "description": "Threat intelligence entity object marking references", + "items": { + "type": "string" + } + }, + "language": { + "type": "string", + "description": "Language of threat intelligence entity" + }, + "threatTypes": { + "type": "array", + "description": "Threat types", + "items": { + "type": "string" + } + }, + "validFrom": { + "type": "string", + "description": "Valid from" + }, + "validUntil": { + "type": "string", + "description": "Valid until" + }, + "created": { + "type": "string", + "description": "Created by" + }, + "modified": { + "type": "string", + "description": "Modified by" + }, + "extensions": { + "type": "object", + "description": "Extensions map", + "additionalProperties": {} + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ThreatIntelligenceInformation": { + "type": "object", + "description": "Threat intelligence information object.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "ThreatIntelligenceInformationList": { + "type": "object", + "description": "List of all the threat intelligence information objects.", + "properties": { + "value": { + "type": "array", + "description": "The ThreatIntelligenceInformation items on this page", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceKillChainPhase": { + "type": "object", + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "type": "string", + "description": "Kill chainName name" + }, + "phaseName": { + "type": "string", + "description": "Phase name" + } + } + }, + "ThreatIntelligenceList": { + "type": "object", + "description": "List all the threat intelligence objects on the workspace that match the provided query.", + "properties": { + "value": { + "type": "array", + "description": "The TIObject items on this page", + "items": { + "$ref": "#/definitions/TIObject" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceMain": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the ThreatIntelligenceMain", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "readOnly": true + } + }, + "required": [ + "name" + ] + }, + "ThreatIntelligenceMetric": { + "type": "object", + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "type": "string", + "description": "Last updated indicator metric" + }, + "threatTypeMetrics": { + "type": "array", + "description": "Threat type metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + }, + "patternTypeMetrics": { + "type": "array", + "description": "Pattern type metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + }, + "sourceMetrics": { + "type": "array", + "description": "Source metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + } + } + }, + "ThreatIntelligenceMetricEntity": { + "type": "object", + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "type": "string", + "description": "Metric name" + }, + "metricValue": { + "type": "integer", + "format": "int32", + "description": "Metric value" + } + } + }, + "ThreatIntelligenceMetrics": { + "type": "object", + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceMetric", + "description": "Threat intelligence metrics." + } + } + }, + "ThreatIntelligenceMetricsList": { + "type": "object", + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "type": "array", + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceParsedPattern": { + "type": "object", + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "type": "string", + "description": "Pattern type key" + }, + "patternTypeValues": { + "type": "array", + "description": "Pattern type keys", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "x-ms-identifiers": [] + } + } + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "type": "object", + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "type": "string", + "description": "Type of the value" + }, + "value": { + "type": "string", + "description": "Value of parsed pattern" + } + } + }, + "ThreatIntelligenceResourceInnerKind": { + "type": "string", + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "x-ms-enum": { + "name": "ThreatIntelligenceResourceInnerKind", + "modelAsString": true, + "values": [ + { + "name": "indicator", + "value": "indicator", + "description": "Entity represents threat intelligence indicator in the system." + } + ] + } + }, + "ThreatIntelligenceSortingCriteria": { + "type": "object", + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "type": "string", + "description": "Column name" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + } + }, + "ThreatIntelligenceSortingOrder": { + "type": "string", + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "x-ms-enum": { + "name": "ThreatIntelligenceSortingOrder", + "modelAsString": true, + "values": [ + { + "name": "unsorted", + "value": "unsorted", + "description": "unsorted" + }, + { + "name": "ascending", + "value": "ascending", + "description": "ascending" + }, + { + "name": "descending", + "value": "descending", + "description": "descending" + } + ] + } + }, + "TiTaxiiCheckRequirements": { + "type": "object", + "description": "Threat Intelligence TAXII data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiCheckRequirementsProperties", + "description": "Threat Intelligence TAXII check required properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiCheckRequirementsProperties": { + "type": "object", + "description": "Threat Intelligence TAXII data connector required properties.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "TiTaxiiDataConnector": { + "type": "object", + "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiDataConnectorProperties", + "description": "Threat intelligence TAXII data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Threat Intelligence TAXII data connector.", + "properties": { + "taxiiClient": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypesTaxiiClient", + "description": "Data type for TAXII connector." + } + }, + "required": [ + "taxiiClient" + ] + }, + "TiTaxiiDataConnectorDataTypesTaxiiClient": { + "type": "object", + "description": "Data type for TAXII connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "TiTaxiiDataConnectorProperties": { + "type": "object", + "description": "Threat Intelligence TAXII data connector properties.", + "properties": { + "workspaceId": { + "type": "string", + "description": "The workspace id." + }, + "friendlyName": { + "type": "string", + "description": "The friendly name for the TAXII server." + }, + "taxiiServer": { + "type": "string", + "description": "The API root for the TAXII server." + }, + "collectionId": { + "type": "string", + "description": "The collection id of the TAXII server." + }, + "userName": { + "type": "string", + "description": "The userName for the TAXII server." + }, + "password": { + "type": "string", + "description": "The password for the TAXII server." + }, + "taxiiLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the TAXII server.", + "x-nullable": true + }, + "pollingFrequency": { + "$ref": "#/definitions/PollingFrequency", + "description": "The polling frequency for the TAXII server.", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", + "description": "The available data types for Threat Intelligence TAXII data connector." + } + }, + "required": [ + "pollingFrequency", + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "TiType": { + "type": "string", + "enum": [ + "main" + ], + "x-ms-enum": { + "name": "TiType", + "modelAsString": true, + "values": [ + { + "name": "main", + "value": "main", + "description": "main" + } + ] + } + }, + "TimelineAggregation": { + "type": "object", + "description": "timeline aggregation information per kind", + "properties": { + "count": { + "type": "integer", + "format": "int32", + "description": "the total items found for a kind" + }, + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "the query kind" + } + }, + "required": [ + "count", + "kind" + ] + }, + "TimelineError": { + "type": "object", + "description": "Timeline Query Errors.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "the query kind" + }, + "queryId": { + "type": "string", + "description": "the query id" + }, + "errorMessage": { + "type": "string", + "description": "the error message" + } + }, + "required": [ + "kind", + "errorMessage" + ] + }, + "TimelineResultsMetadata": { + "type": "object", + "description": "Expansion result metadata.", + "properties": { + "totalCount": { + "type": "integer", + "format": "int32", + "description": "the total items found for the timeline request" + }, + "aggregations": { + "type": "array", + "description": "timeline aggregation per kind", + "items": { + "$ref": "#/definitions/TimelineAggregation" + }, + "x-ms-identifiers": [] + }, + "errors": { + "type": "array", + "description": "information about the failure queries", + "items": { + "$ref": "#/definitions/TimelineError" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount", + "aggregations" + ] + }, + "TriggerOperator": { + "type": "string", + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "x-ms-enum": { + "name": "TriggerOperator", + "modelAsString": false, + "values": [ + { + "name": "GreaterThan", + "value": "GreaterThan", + "description": "GreaterThan" + }, + { + "name": "LessThan", + "value": "LessThan", + "description": "LessThan" + }, + { + "name": "Equal", + "value": "Equal", + "description": "Equal" + }, + { + "name": "NotEqual", + "value": "NotEqual", + "description": "NotEqual" + } + ] + } + }, + "TriggeredAnalyticsRuleRun": { + "type": "object", + "description": "The triggered analytics rule run", + "properties": { + "properties": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRunProperties", + "description": "The triggered analytics rule run Properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "TriggeredAnalyticsRuleRunProperties": { + "type": "object", + "description": "The triggered analytics rule run Properties", + "properties": { + "executionTimeUtc": { + "type": "string", + "format": "date-time" + }, + "ruleId": { + "type": "string" + }, + "triggeredAnalyticsRuleRunId": { + "type": "string" + }, + "provisioningState": { + "$ref": "#/definitions/ProvisioningState", + "description": "The triggered analytics rule run provisioning state", + "readOnly": true + }, + "ruleRunAdditionalData": { + "type": "object", + "description": "Dictionary of ", + "additionalProperties": {} + } + }, + "required": [ + "executionTimeUtc", + "ruleId", + "triggeredAnalyticsRuleRunId", + "provisioningState" + ] + }, + "TriggeredAnalyticsRuleRuns": { + "type": "object", + "description": "The triggered analytics rule run array", + "properties": { + "value": { + "type": "array", + "description": "The TriggeredAnalyticsRuleRun items on this page", + "items": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "TriggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "TriggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "TriggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "TriggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + }, + "Ueba": { + "type": "object", + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaProperties", + "description": "Ueba properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "x-ms-discriminator-value": "Ueba" + }, + "UebaDataSources": { + "type": "string", + "description": "The data source that enriched by ueba.", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ], + "x-ms-enum": { + "name": "UebaDataSources", + "modelAsString": true, + "values": [ + { + "name": "AuditLogs", + "value": "AuditLogs", + "description": "AuditLogs" + }, + { + "name": "AzureActivity", + "value": "AzureActivity", + "description": "AzureActivity" + }, + { + "name": "SecurityEvent", + "value": "SecurityEvent", + "description": "SecurityEvent" + }, + { + "name": "SigninLogs", + "value": "SigninLogs", + "description": "SigninLogs" + } + ] + } + }, + "UebaProperties": { + "type": "object", + "description": "Ueba property bag.", + "properties": { + "dataSources": { + "type": "array", + "description": "The relevant data sources that enriched by ueba", + "items": { + "$ref": "#/definitions/UebaDataSources" + } + } + } + }, + "UrlEntity": { + "type": "object", + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "type": "object", + "description": "Url entity property bag.", + "properties": { + "url": { + "type": "string", + "description": "A full URL the entity points to", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "UserInfo": { + "type": "object", + "description": "User information that made some action", + "properties": { + "email": { + "type": "string", + "description": "The email of the user.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the user.", + "readOnly": true + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the user.", + "x-nullable": true + } + } + }, + "ValidationError": { + "type": "object", + "description": "Describes an error encountered in the file during validation.", + "properties": { + "recordIndex": { + "type": "integer", + "format": "int32", + "description": "The number of the record that has the error." + }, + "errorMessages": { + "type": "array", + "description": "A list of descriptions of the error.", + "items": { + "type": "string" + }, + "readOnly": true + } + } + }, + "Version": { + "type": "string", + "description": "The version of the source control.", + "enum": [ + "V1", + "V2" + ], + "x-ms-enum": { + "name": "Version", + "modelAsString": true, + "values": [ + { + "name": "V1", + "value": "V1", + "description": "V1" + }, + { + "name": "V2", + "value": "V2", + "description": "V2" + } + ] + } + }, + "Warning": { + "type": "object", + "description": "Warning response structure.", + "properties": { + "warning": { + "$ref": "#/definitions/WarningBody", + "description": "Warning data.", + "readOnly": true + } + } + }, + "WarningBody": { + "type": "object", + "description": "Warning details.", + "properties": { + "code": { + "$ref": "#/definitions/WarningCode", + "description": "An identifier for the warning. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true + }, + "message": { + "type": "string", + "description": "A message describing the warning, intended to be suitable for display in a user interface.", + "readOnly": true + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/WarningBody" + }, + "readOnly": true, + "x-ms-identifiers": [] + } + } + }, + "WarningCode": { + "type": "string", + "description": "The type of repository.", + "enum": [ + "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", + "SourceControl_DeletedWithWarnings" + ], + "x-ms-enum": { + "name": "WarningCode", + "modelAsString": true, + "values": [ + { + "name": "SourceControlWarning_DeleteServicePrincipal", + "value": "SourceControlWarning_DeleteServicePrincipal", + "description": "SourceControlWarning_DeleteServicePrincipal" + }, + { + "name": "SourceControlWarning_DeletePipelineFromAzureDevOps", + "value": "SourceControlWarning_DeletePipelineFromAzureDevOps", + "description": "SourceControlWarning_DeletePipelineFromAzureDevOps" + }, + { + "name": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "description": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + }, + { + "name": "SourceControlWarning_DeleteRoleAssignment", + "value": "SourceControlWarning_DeleteRoleAssignment", + "description": "SourceControlWarning_DeleteRoleAssignment" + }, + { + "name": "SourceControl_DeletedWithWarnings", + "value": "SourceControl_DeletedWithWarnings", + "description": "SourceControl_DeletedWithWarnings" + } + ] + } + }, + "Watchlist": { + "type": "object", + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WatchlistItem": { + "type": "object", + "description": "Represents a Watchlist Item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WatchlistItemList": { + "type": "object", + "description": "List all the watchlist items.", + "properties": { + "value": { + "type": "array", + "description": "The WatchlistItem items on this page", + "items": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WatchlistItemProperties": { + "type": "object", + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "type": "string", + "description": "The type of the watchlist item" + }, + "watchlistItemId": { + "type": "string", + "description": "The id (a Guid) of the watchlist item" + }, + "tenantId": { + "type": "string", + "description": "The tenantId to which the watchlist item belongs to" + }, + "isDeleted": { + "type": "boolean", + "description": "A flag that indicates if the watchlist item is deleted or not" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist item was created" + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist item was updated" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping" + } + }, + "required": [ + "itemsKeyValue" + ] + }, + "WatchlistList": { + "type": "object", + "description": "List all the watchlists.", + "properties": { + "value": { + "type": "array", + "description": "The Watchlist items on this page", + "items": { + "$ref": "#/definitions/Watchlist" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WatchlistProperties": { + "type": "object", + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "type": "string", + "description": "The id (a Guid) of the watchlist" + }, + "displayName": { + "type": "string", + "description": "The display name of the watchlist" + }, + "provider": { + "type": "string", + "description": "The provider of the watchlist" + }, + "source": { + "type": "string", + "description": "The filename of the watchlist, called 'source'" + }, + "sourceType": { + "$ref": "#/definitions/SourceType", + "description": "The sourceType of the watchlist" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist was created" + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist was updated" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist" + }, + "description": { + "type": "string", + "description": "A description of the watchlist" + }, + "watchlistType": { + "type": "string", + "description": "The type of the watchlist" + }, + "watchlistAlias": { + "type": "string", + "description": "The alias of the watchlist" + }, + "isDeleted": { + "type": "boolean", + "description": "A flag that indicates if the watchlist is deleted or not" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this watchlist", + "items": { + "type": "string" + } + }, + "defaultDuration": { + "type": "string", + "format": "duration", + "description": "The default duration of a watchlist (in ISO 8601 duration format)" + }, + "tenantId": { + "type": "string", + "description": "The tenantId where the watchlist belongs to" + }, + "numberOfLinesToSkip": { + "type": "integer", + "format": "int32", + "description": "The number of lines in a csv/tsv content to skip before the header" + }, + "rawContent": { + "type": "string", + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint" + }, + "itemsSearchKey": { + "type": "string", + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address." + }, + "contentType": { + "type": "string", + "description": "The content type of the raw content. Example : text/csv or text/tsv" + }, + "uploadStatus": { + "type": "string", + "description": "The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted" + }, + "provisioningState": { + "$ref": "#/definitions/WatchlistProvisioningState", + "description": "Describes provisioning state", + "readOnly": true + } + }, + "required": [ + "displayName", + "provider", + "itemsSearchKey" + ] + }, + "WatchlistProvisioningState": { + "type": "string", + "description": "The provisioning state of the watchlist", + "enum": [ + "New", + "InProgress", + "Uploading", + "Deleting", + "Succeeded", + "Failed", + "Canceled" + ], + "x-ms-enum": { + "name": "WatchlistProvisioningState", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "New" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + }, + { + "name": "Uploading", + "value": "Uploading", + "description": "Uploading" + }, + { + "name": "Deleting", + "value": "Deleting", + "description": "Deleting" + }, + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + } + ] + } + }, + "Webhook": { + "type": "object", + "description": "Detail about the webhook object.", + "properties": { + "webhookId": { + "type": "string", + "description": "Unique identifier for the webhook.", + "readOnly": true + }, + "webhookUrl": { + "type": "string", + "description": "URL that gets invoked by the webhook.", + "readOnly": true + }, + "webhookSecretUpdateTime": { + "type": "string", + "format": "date-time", + "description": "Time when the webhook secret was updated.", + "readOnly": true + }, + "rotateWebhookSecret": { + "type": "boolean", + "description": "A flag to instruct the backend service to rotate webhook secret." + } + } + }, + "WorkloadIdentityFederation": { + "type": "object", + "description": "Workload Identity Federation metadata.", + "properties": { + "id": { + "type": "string", + "description": "Id of Workload Identity Federation.", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "Tenant id of Workload Identity Federation.", + "readOnly": true + }, + "appId": { + "type": "string", + "description": "App id of Workload Identity Federation.", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "Subject of Workload Identity Federation.", + "readOnly": true + }, + "issuer": { + "type": "string", + "description": "Issuer of Workload Identity Federation.", + "readOnly": true + } + } + }, + "WorkspaceManagerAssignment": { + "type": "object", + "description": "The workspace manager assignment", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerAssignmentProperties", + "description": "The workspace manager assignment object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Resource Etag.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WorkspaceManagerAssignmentList": { + "type": "object", + "description": "List of all the workspace manager assignments.", + "properties": { + "value": { + "type": "array", + "description": "The WorkspaceManagerAssignment items on this page", + "items": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WorkspaceManagerAssignmentProperties": { + "type": "object", + "description": "The workspace manager assignment properties", + "properties": { + "targetResourceName": { + "type": "string", + "description": "The resource name of the workspace manager group targeted by the workspace manager assignment" + }, + "lastJobEndTime": { + "type": "string", + "format": "date-time", + "description": "The time the last job associated to this assignment ended at", + "readOnly": true + }, + "lastJobProvisioningState": { + "$ref": "#/definitions/JobProvisioningState", + "description": "State of the last job associated to this assignment", + "readOnly": true + }, + "items": { + "type": "array", + "description": "List of resources included in this workspace manager assignment", + "items": { + "$ref": "#/definitions/assignmentItem" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "targetResourceName", + "items" + ] + }, + "WorkspaceManagerConfiguration": { + "type": "object", + "description": "The workspace manager configuration", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerConfigurationProperties", + "description": "The workspace manager configuration object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Resource Etag.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WorkspaceManagerConfigurationList": { + "type": "object", + "description": "List all the workspace manager configurations for the workspace.", + "properties": { + "value": { + "type": "array", + "description": "The WorkspaceManagerConfiguration items on this page", + "items": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WorkspaceManagerConfigurationProperties": { + "type": "object", + "description": "The workspace manager configuration properties", + "properties": { + "mode": { + "$ref": "#/definitions/Mode", + "description": "The current mode of the workspace manager configuration" + } + }, + "required": [ + "mode" + ] + }, + "WorkspaceManagerGroup": { + "type": "object", + "description": "The workspace manager group", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerGroupProperties", + "description": "The workspace manager group object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Resource Etag.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WorkspaceManagerGroupList": { + "type": "object", + "description": "List of all the workspace manager groups.", + "properties": { + "value": { + "type": "array", + "description": "The WorkspaceManagerGroup items on this page", + "items": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WorkspaceManagerGroupProperties": { + "type": "object", + "description": "The workspace manager group properties", + "properties": { + "description": { + "type": "string", + "description": "The description of the workspace manager group" + }, + "displayName": { + "type": "string", + "description": "The display name of the workspace manager group" + }, + "memberResourceNames": { + "type": "array", + "description": "The names of the workspace manager members participating in this group.", + "items": { + "type": "string" + } + } + }, + "required": [ + "displayName", + "memberResourceNames" + ] + }, + "WorkspaceManagerMember": { + "type": "object", + "description": "The workspace manager member", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerMemberProperties", + "description": "The workspace manager member object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Resource Etag.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WorkspaceManagerMemberProperties": { + "type": "object", + "description": "The workspace manager member properties", + "properties": { + "targetWorkspaceResourceId": { + "type": "string", + "description": "Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager" + }, + "targetWorkspaceTenantId": { + "type": "string", + "description": "Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager" + } + }, + "required": [ + "targetWorkspaceResourceId", + "targetWorkspaceTenantId" + ] + }, + "WorkspaceManagerMembersList": { + "type": "object", + "description": "List of workspace manager members", + "properties": { + "value": { + "type": "array", + "description": "The WorkspaceManagerMember items on this page", + "items": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "assignmentItem": { + "type": "object", + "description": "An entity describing a content item.", + "properties": { + "resourceId": { + "type": "string", + "description": "The resource id of the content item" + } + } + }, + "error": { + "type": "object", + "description": "The error description for why a publication failed", + "properties": { + "memberResourceName": { + "type": "string", + "description": "The member resource name for which the publication error occured" + }, + "errorMessage": { + "type": "string", + "description": "The error message" + } + }, + "required": [ + "memberResourceName", + "errorMessage" + ] + }, + "jobItem": { + "type": "object", + "description": "An entity describing the publish status of a content item.", + "properties": { + "resourceId": { + "type": "string", + "description": "The resource id of the content item" + }, + "status": { + "$ref": "#/definitions/Status", + "description": "Status of the item publication", + "readOnly": true + }, + "executionTime": { + "type": "string", + "format": "date-time", + "description": "The time the item publishing was completed", + "readOnly": true + }, + "errors": { + "type": "array", + "description": "The list of error descriptions if the item publication fails.", + "items": { + "$ref": "#/definitions/error" + }, + "x-ms-identifiers": [] + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/Kind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "metadataPatch": { + "type": "object", + "description": "Metadata patch request body.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ] + }, + "metadataProperties": { + "type": "object", + "description": "Metadata property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId." + }, + "parentId": { + "type": "string", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "type": "array", + "description": "Providers for the solution content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date of solution content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date of solution content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + } + }, + "required": [ + "parentId", + "kind" + ] + }, + "metadataPropertiesPatch": { + "type": "object", + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId." + }, + "parentId": { + "type": "string", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "type": "array", + "description": "Providers for the solution content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date of solution content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date of solution content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + } + } + }, + "metadataSource": { + "type": "object", + "description": "The original source of the content item, where it comes from.", + "properties": { + "kind": { + "$ref": "#/definitions/SourceKind", + "description": "Source type of the content" + }, + "name": { + "type": "string", + "description": "Name of the content source. The repo name, solution name, LA workspace name etc." + }, + "sourceId": { + "type": "string", + "description": "ID of the content source. The solution ID, workspace ID, etc" + } + }, + "required": [ + "kind" + ] + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "properties": { + "tier": { + "$ref": "#/definitions/SupportTier", + "description": "Type of support for content item" + }, + "name": { + "type": "string", + "description": "Name of the support contact. Company or person." + }, + "email": { + "type": "string", + "description": "Email of support contact" + }, + "link": { + "type": "string", + "description": "Link for support help, like to support page to open a ticket etc." + } + }, + "required": [ + "tier" + ] + }, + "outputType": { + "type": "string", + "description": "Insights Column type.", + "enum": [ + "Number", + "String", + "Date", + "Entity" + ], + "x-ms-enum": { + "name": "outputType", + "modelAsString": true, + "values": [ + { + "name": "Number", + "value": "Number", + "description": "Number" + }, + { + "name": "String", + "value": "String", + "description": "String" + }, + { + "name": "Date", + "value": "Date", + "description": "Date" + }, + { + "name": "Entity", + "value": "Entity", + "description": "Entity" + } + ] + } + }, + "packageBaseProperties": { + "type": "object", + "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "type": "string", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is among the featured list." + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "description": { + "type": "string", + "description": "The description of the package" + }, + "publisherDisplayName": { + "type": "string", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "type": "array", + "description": "Providers for the package item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date package item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + } + }, + "packageList": { + "type": "object", + "description": "List available packages.", + "properties": { + "value": { + "type": "array", + "description": "The PackageModel items on this page", + "items": { + "$ref": "#/definitions/packageModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "packageModel": { + "type": "object", + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/packageProperties", + "description": "package properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "packageProperties": { + "type": "object", + "description": "Describes package properties", + "allOf": [ + { + "$ref": "#/definitions/packageBaseProperties" + } + ] + }, + "productPackageAdditionalProperties": { + "type": "object", + "description": "product package additional properties", + "properties": { + "installedVersion": { + "type": "string", + "description": "The version of the installed package, null or absent means not installed." + }, + "metadataResourceId": { + "type": "string", + "format": "arm-id", + "description": "The metadata resource id." + }, + "packagedContent": { + "description": "The json of the ARM template to deploy. Expandable." + } + } + }, + "productPackageList": { + "type": "object", + "description": "List available packages.", + "properties": { + "value": { + "type": "array", + "description": "The ProductPackageModel items on this page", + "items": { + "$ref": "#/definitions/productPackageModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "productPackageModel": { + "type": "object", + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/productPackageProperties", + "description": "package properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "productPackageProperties": { + "type": "object", + "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "type": "string", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is among the featured list." + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "description": { + "type": "string", + "description": "The description of the package" + }, + "publisherDisplayName": { + "type": "string", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "type": "array", + "description": "Providers for the package item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date package item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "installedVersion": { + "type": "string", + "description": "The version of the installed package, null or absent means not installed." + }, + "metadataResourceId": { + "type": "string", + "format": "arm-id", + "description": "The metadata resource id." + }, + "packagedContent": { + "description": "The json of the ARM template to deploy. Expandable." + } + } + }, + "productTemplateAdditionalProperties": { + "type": "object", + "description": "additional properties of product template.", + "properties": { + "packagedContent": { + "description": "The json of the ARM template to deploy" + } + } + }, + "productTemplateList": { + "type": "object", + "description": "List of all the template.", + "properties": { + "value": { + "type": "array", + "description": "The ProductTemplateModel items on this page", + "items": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "productTemplateModel": { + "type": "object", + "description": "Template resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/productTemplateProperties", + "description": "template properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "productTemplateProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + }, + "packagedContent": { + "description": "The json of the ARM template to deploy" + } + } + }, + "templateAdditionalProperties": { + "type": "object", + "description": "additional properties of product template.", + "properties": { + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content. Expandable." + }, + "dependantTemplates": { + "type": "array", + "description": "Dependant templates. Expandable.", + "items": { + "$ref": "#/definitions/templateProperties" + }, + "readOnly": true, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "templateList": { + "type": "object", + "description": "List of all the template.", + "properties": { + "value": { + "type": "array", + "description": "The TemplateModel items on this page", + "items": { + "$ref": "#/definitions/templateModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "type": "object", + "description": "Template resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/templateProperties", + "description": "template properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "templateProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content. Expandable." + }, + "dependantTemplates": { + "type": "array", + "description": "Dependant templates. Expandable.", + "items": { + "$ref": "#/definitions/templateProperties" + }, + "readOnly": true, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "threatIntelligence": { + "type": "object", + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "type": "number", + "format": "double", + "description": "Confidence (must be between 0 and 1)", + "readOnly": true + }, + "providerName": { + "type": "string", + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true + }, + "reportLink": { + "type": "string", + "description": "Report link", + "readOnly": true + }, + "threatDescription": { + "type": "string", + "description": "Threat description (free text)", + "readOnly": true + }, + "threatName": { + "type": "string", + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true + }, + "threatType": { + "type": "string", + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true + } + } + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/CreateActionOfAlertRule.json index ff55979962b6..aaab8f022dce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/CreateActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/CreateActionOfAlertRule.json @@ -40,5 +40,7 @@ } } } - } + }, + "operationId": "Actions_CreateOrUpdate", + "title": "Creates or updates an action of alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/DeleteActionOfAlertRule.json index b46475b360bf..9f9b3b6dd58f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/DeleteActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/DeleteActionOfAlertRule.json @@ -11,5 +11,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "Actions_Delete", + "title": "Delete an action of alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetActionOfAlertRuleById.json index 781433de3422..afc0674932e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetActionOfAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetActionOfAlertRuleById.json @@ -21,5 +21,7 @@ } } } - } + }, + "operationId": "Actions_Get", + "title": "Get an action of alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetAllActionsByAlertRule.json index fb02094bf52e..d2639f8a9aa7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetAllActionsByAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/actions/GetAllActionsByAlertRule.json @@ -24,5 +24,7 @@ ] } } - } + }, + "operationId": "Actions_ListByAlertRule", + "title": "Get all actions of alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json index c2cbb6633f6e..9183cc6f1d5a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -76,5 +76,7 @@ } } } - } + }, + "operationId": "AlertRuleTemplates_Get", + "title": "Get alert rule template by Id." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json index 77e7011bf672..27a7811f2202 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -82,5 +82,7 @@ ] } } - } + }, + "operationId": "AlertRuleTemplates_List", + "title": "Get all alert rule templates." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateFusionAlertRule.json index 42210b46e1d2..a348f93116bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateFusionAlertRule.json @@ -62,5 +62,7 @@ } } } - } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Fusion alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json index 7006b9e61ce7..7d563cbc0b32 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -55,5 +55,7 @@ } } } - } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a MicrosoftSecurityIncidentCreation rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateScheduledAlertRule.json index 49dd7c9601d7..e655e85be599 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/CreateScheduledAlertRule.json @@ -277,5 +277,7 @@ } } } - } + }, + "operationId": "AlertRules_CreateOrUpdate", + "title": "Creates or updates a Scheduled alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/DeleteAlertRule.json index 7a06f130e86b..0eed9728b604 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/DeleteAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/DeleteAlertRule.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "AlertRules_Delete", + "title": "Delete an alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetAllAlertRules.json index 27ebe99630fa..2c2af1a8a1e1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetAllAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetAllAlertRules.json @@ -129,5 +129,7 @@ ] } } - } + }, + "operationId": "AlertRules_List", + "title": "Get all alert rules." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetFusionAlertRule.json index e5acbfe85c11..20c996089dca 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetFusionAlertRule.json @@ -31,5 +31,7 @@ } } } - } + }, + "operationId": "AlertRules_Get", + "title": "Get a Fusion alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json index 1e8e5c34ecf9..0172f7f5929b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -27,5 +27,7 @@ } } } - } + }, + "operationId": "AlertRules_Get", + "title": "Get a MicrosoftSecurityIncidentCreation rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetScheduledAlertRule.json index 84757ff5acd4..338919c51082 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/alertRules/GetScheduledAlertRule.json @@ -88,5 +88,7 @@ } } } - } + }, + "operationId": "AlertRules_Get", + "title": "Get a Scheduled alert rule." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_CreateOrUpdate.json index 77bc6a1cb4c5..e65cfaea7a01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -167,5 +167,7 @@ } } } - } + }, + "operationId": "AutomationRules_CreateOrUpdate", + "title": "AutomationRules_CreateOrUpdate" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Delete.json index 678a61425c28..ad6e9d720434 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Delete.json @@ -13,5 +13,7 @@ "204": { "body": {} } - } + }, + "operationId": "AutomationRules_Delete", + "title": "AutomationRules_Delete" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Get.json index c2376dc5355b..9612a1def28c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_Get.json @@ -61,5 +61,7 @@ } } } - } + }, + "operationId": "AutomationRules_Get", + "title": "AutomationRules_Get" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_List.json index 40346c5c8933..cdb0a2cf5556 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/automationRules/AutomationRules_List.json @@ -64,5 +64,7 @@ ] } } - } + }, + "operationId": "AutomationRules_List", + "title": "AutomationRules_List" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/CreateBookmark.json index 8cf372e602fe..f1c538c2bf52 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/CreateBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/CreateBookmark.json @@ -89,5 +89,7 @@ } } } - } + }, + "operationId": "Bookmarks_CreateOrUpdate", + "title": "Creates or updates a bookmark." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/DeleteBookmark.json index fe1cb33e7e96..6607f5be9046 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/DeleteBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/DeleteBookmark.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "Bookmarks_Delete", + "title": "Delete a bookmark." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarkById.json index 231ef0895f31..eaddbd1b5c9c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarkById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarkById.json @@ -44,5 +44,7 @@ } } } - } + }, + "operationId": "Bookmarks_Get", + "title": "Get a bookmark." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarks.json index 6d29fd56828d..e96d7584c577 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/bookmarks/GetBookmarks.json @@ -47,5 +47,7 @@ ] } } - } + }, + "operationId": "Bookmarks_List", + "title": "Get all bookmarks." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackageById.json index 2ac088471145..f16b6ccf39dd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackageById.json @@ -30,5 +30,7 @@ } } } - } + }, + "operationId": "ContentPackages_Get", + "title": "Get installed packages by id." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackages.json index 5f949ee3dfa7..03c3821992a4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetPackages.json @@ -35,5 +35,7 @@ ] } } - } + }, + "operationId": "ContentPackages_List", + "title": "Get all available packages." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackageById.json index e9cc015b79ab..88ab8b691d62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackageById.json @@ -72,5 +72,7 @@ } } } - } + }, + "operationId": "ProductPackage_Get", + "title": "Get a package." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackages.json index b35a4f490d14..81f0e7eeec58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/GetProductPackages.json @@ -75,5 +75,7 @@ ] } } - } + }, + "operationId": "ProductPackages_List", + "title": "Get all available packages." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/InstallPackage.json index f8e53b4def62..55c8470b97b6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/InstallPackage.json @@ -147,5 +147,7 @@ } } } - } + }, + "operationId": "ContentPackage_Install", + "title": "Install a package to the workspace." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/UninstallPackage.json index 28332ba9ca3e..0858cd646384 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/UninstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentPackages/UninstallPackage.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "ContentPackage_Uninstall", + "title": "Uninstall a package from the workspace." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/DeleteTemplate.json index 673bc28ca495..482e614a6a6b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/DeleteTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/DeleteTemplate.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "ContentTemplate_Delete", + "title": "Delete metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplateById.json index 0b4707446b13..d1d109ee270e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplateById.json @@ -39,5 +39,7 @@ } } } - } + }, + "operationId": "ProductTemplate_Get", + "title": "Get a template." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplates.json index 36a611ede271..872ccca49b75 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetProductTemplates.json @@ -41,5 +41,7 @@ ] } } - } + }, + "operationId": "ProductTemplates_List", + "title": "Get all installed templates." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplateById.json index ca921373b2f8..2cff0c319045 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplateById.json @@ -37,5 +37,7 @@ } } } - } + }, + "operationId": "ContentTemplate_Get", + "title": "Get a template." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplates.json index 19766ace573e..beba72a9fc90 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/GetTemplates.json @@ -39,5 +39,7 @@ ] } } - } + }, + "operationId": "ContentTemplates_List", + "title": "Get all installed templates." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/InstallTemplate.json index 0a0352a18cc8..ac038c19166e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/contentTemplates/InstallTemplate.json @@ -224,5 +224,7 @@ } } } - } + }, + "operationId": "ContentTemplate_Install", + "title": "Get a template." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index bd06b5623999..61c9dc0fc4d3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -254,5 +254,7 @@ } } } - } + }, + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "title": "Create data connector definition" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json index aa4c6eab3987..2c85da32471a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "DataConnectorDefinitions_Delete", + "title": "Delete data connector definition" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json index 986bfadb77cd..d35183adbf6c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -91,5 +91,7 @@ } } } - } + }, + "operationId": "DataConnectorDefinitions_Get", + "title": "Get customize data connector definition" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json index cdce3726b311..ce38a539e119 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -90,5 +90,7 @@ ] } } - } + }, + "operationId": "DataConnectorDefinitions_List", + "title": "Get all data connector definitions." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json index e84d063f7271..1f59f6bd94b0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -55,5 +55,7 @@ } } } - } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a MicrosoftThreatIntelligence data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateOfficeDataConnetor.json index d05e47732233..849e1a1f98c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -72,5 +72,7 @@ } } } - } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Office365 data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index f7921c7754dd..68cbc31fe33c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -57,5 +57,7 @@ } } } - } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json index 17c8a33babf9..58985e33d7dc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -56,5 +56,7 @@ } } } - } + }, + "operationId": "DataConnectors_CreateOrUpdate", + "title": "Creates or updates an Threat Intelligence Platform data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json index 7379310060a6..d3d337e7cf58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an MicrosoftThreatIntelligence data connector" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteOfficeDataConnetor.json index f13faf645c4e..ea250f5db303 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "DataConnectors_Delete", + "title": "Delete an Office365 data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index 704d16b859f2..0dc174d7ab93 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "DataConnectors_Delete", + "title": "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json index 93dbd204c70c..85346d69326b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AwsCloudTrail data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureActiveDirectoryById.json index 9092faf82af7..1e1680e6fb80 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AAD data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json index e12a0c4b2d0a..09cee7a447d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get an AATP data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureSecurityCenterById.json index 65175fb7e7bb..a32a743ee605 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureSecurityCenterById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a ASC data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetDataConnectors.json index 349effca94ab..b96d82b1d6d5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetDataConnectors.json @@ -142,5 +142,7 @@ ] } } - } + }, + "operationId": "DataConnectors_List", + "title": "Get all data connectors." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index 0d5bd20588d2..0a0d916d28b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -28,5 +28,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MCAS data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json index ed50d31b1fdb..b69f62017d7e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MDATP data connector" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json index 52fc5aedf082..a872a9b56369 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a MicrosoftThreatIntelligence data connector" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetOfficeDataConnetorById.json index fca22b08012e..a871f8ad8576 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetOfficeDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -31,5 +31,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get an Office365 data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json index 4ab2f6af46aa..85f9d8998b3a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -26,5 +26,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetRestApiPollerById.json index 5d923d8e195a..aaa1d65f9f28 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetRestApiPollerById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetRestApiPollerById.json @@ -55,5 +55,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a RestApiPoller data connector" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetThreatIntelligenceById.json index f07ba8d77fc3..2c2d273b5ecd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/dataConnectors/GetThreatIntelligenceById.json @@ -26,5 +26,7 @@ } } } - } + }, + "operationId": "DataConnectors_Get", + "title": "Get a TI data connector." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/CreateIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/CreateIncident.json index e3180145ca40..e143cd528d31 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/CreateIncident.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/CreateIncident.json @@ -104,5 +104,7 @@ } } } - } + }, + "operationId": "Incidents_CreateOrUpdate", + "title": "Creates or updates an incident." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/DeleteIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/DeleteIncident.json index 96cf07ca296a..32ac83ceb48c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/DeleteIncident.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/DeleteIncident.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "Incidents_Delete", + "title": "Delete an incident." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentAlerts.json index e68b20185dc1..90d1a51b3c01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentAlerts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentAlerts.json @@ -46,5 +46,7 @@ ] } } - } + }, + "operationId": "Incidents_ListAlerts", + "title": "Get all incident alerts." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentBookmarks.json index e163069ae5ac..1237931f5ad4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentBookmarks.json @@ -73,5 +73,7 @@ ] } } - } + }, + "operationId": "Incidents_ListBookmarks", + "title": "Get all incident bookmarks." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentEntities.json index b3e901d24337..e684352f744f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetAllIncidentEntities.json @@ -30,5 +30,7 @@ ] } } - } + }, + "operationId": "Incidents_ListEntities", + "title": "Gets all incident related entities" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidentById.json index f7c9b4c3cc1e..1861aca57608 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidentById.json @@ -52,5 +52,7 @@ } } } - } + }, + "operationId": "Incidents_Get", + "title": "Get an incident." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidents.json index 65094be54558..66f8065270bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/GetIncidents.json @@ -57,5 +57,7 @@ ] } } - } + }, + "operationId": "Incidents_List", + "title": "Get all incidents." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/CreateIncidentComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/CreateIncidentComment.json index 5653a2af7d8e..448d8980f60f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/CreateIncidentComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/CreateIncidentComment.json @@ -51,5 +51,7 @@ } } } - } + }, + "operationId": "IncidentComments_CreateOrUpdate", + "title": "Creates or updates an incident comment." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/DeleteIncidentComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/DeleteIncidentComment.json index dc9e45235290..3de47c58b4ac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/DeleteIncidentComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/DeleteIncidentComment.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "IncidentComments_Delete", + "title": "Delete the incident comment." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetAllIncidentComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetAllIncidentComments.json index 2bf79361bcda..1c655eecf718 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetAllIncidentComments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetAllIncidentComments.json @@ -30,5 +30,7 @@ ] } } - } + }, + "operationId": "IncidentComments_List", + "title": "Get all incident comments." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetIncidentCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetIncidentCommentById.json index 470239c5fc5e..6b93d9924440 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetIncidentCommentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/comments/GetIncidentCommentById.json @@ -27,5 +27,7 @@ } } } - } + }, + "operationId": "IncidentComments_Get", + "title": "Get an incident comment." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/CreateIncidentRelation.json index a02102bc8462..e201973ec8ca 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/CreateIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/CreateIncidentRelation.json @@ -39,5 +39,7 @@ } } } - } + }, + "operationId": "IncidentRelations_CreateOrUpdate", + "title": "Creates or updates an incident relation." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/DeleteIncidentRelation.json index 1e4efbc3a7ff..e5f7e1d8c81a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/DeleteIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/DeleteIncidentRelation.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "IncidentRelations_Delete", + "title": "Delete the incident relation." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetAllIncidentRelations.json index 0a7e57302957..8abbb1d7ca94 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetAllIncidentRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetAllIncidentRelations.json @@ -36,5 +36,7 @@ ] } } - } + }, + "operationId": "IncidentRelations_List", + "title": "Get all incident relations." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetIncidentRelationByName.json index d8533344d1bf..da9acd439ee0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetIncidentRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/relations/GetIncidentRelationByName.json @@ -21,5 +21,7 @@ } } } - } + }, + "operationId": "IncidentRelations_Get", + "title": "Get an incident relation." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json index 26d32100ebc8..43a38164869e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json @@ -69,5 +69,7 @@ } } } - } + }, + "operationId": "IncidentTasks_CreateOrUpdate", + "title": "IncidentTasks_CreateOrUpdate" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Delete.json index bebe963f426e..8450cea7adae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Delete.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "IncidentTasks_Delete", + "title": "IncidentTasks_Delete" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Get.json index 6c1b4bdc02f7..c0998ba35664 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_Get.json @@ -35,5 +35,7 @@ } } } - } + }, + "operationId": "IncidentTasks_Get", + "title": "IncidentTasks_Get" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_List.json index 190147028bab..03e85900ee10 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/incidents/tasks/IncidentTasks_List.json @@ -38,5 +38,7 @@ ] } } - } + }, + "operationId": "IncidentTasks_List", + "title": "IncidentTasks_List" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Entities_RunPlaybook.json index 9a9866032f55..f523ed0a8c64 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Entities_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Entities_RunPlaybook.json @@ -13,5 +13,7 @@ }, "responses": { "204": {} - } + }, + "operationId": "Entities_RunPlaybook", + "title": "Entities_RunPlaybook" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json index 9ff6d1c28d89..b4385e860728 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json @@ -12,5 +12,7 @@ }, "responses": { "204": {} - } + }, + "operationId": "Incidents_RunPlaybook", + "title": "Incidents_RunPlaybook" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/DeleteMetadata.json index d276128297af..d1fcce457be2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/DeleteMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/DeleteMetadata.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "Metadata_Delete", + "title": "Delete metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadata.json index 528b4038feb6..d4c35b51958f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadata.json @@ -60,5 +60,7 @@ ] } } - } + }, + "operationId": "Metadata_List", + "title": "Get all metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadataOData.json index 67f2369ef243..05c202272be5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadataOData.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetAllMetadataOData.json @@ -48,5 +48,7 @@ ] } } - } + }, + "operationId": "Metadata_List", + "title": "Get all metadata with OData filter/orderby/skip/top" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetMetadata.json index aa3b7eb347e2..a94c22a48faa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/GetMetadata.json @@ -100,5 +100,7 @@ } } } - } + }, + "operationId": "Metadata_Get", + "title": "Get single metadata by name" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PatchMetadata.json index f1442c048c06..15b64548dd5c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PatchMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PatchMetadata.json @@ -31,5 +31,7 @@ } } } - } + }, + "operationId": "Metadata_Update", + "title": "Update metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadata.json index cf9778cc0cbb..fb91d0a08d12 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadata.json @@ -96,7 +96,7 @@ } }, "responses": { - "201": { + "200": { "body": { "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", "name": "metadataName", @@ -189,7 +189,7 @@ } } }, - "200": { + "201": { "body": { "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", "name": "metadataName", @@ -282,5 +282,7 @@ } } } - } + }, + "operationId": "Metadata_Create", + "title": "Create/update full metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadataMinimal.json index 97fdb2087708..ff0ac95ad620 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadataMinimal.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/metadata/PutMetadataMinimal.json @@ -14,7 +14,7 @@ } }, "responses": { - "201": { + "200": { "body": { "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", "name": "metadataName", @@ -25,7 +25,7 @@ } } }, - "200": { + "201": { "body": { "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", "name": "metadataName", @@ -36,5 +36,7 @@ } } } - } + }, + "operationId": "Metadata_Create", + "title": "Create/update minimal metadata." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/CreateSentinelOnboardingState.json index 34f956fc98d5..f5869560df6b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/CreateSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -33,5 +33,7 @@ } } } - } + }, + "operationId": "SentinelOnboardingStates_Create", + "title": "Create Sentinel onboarding state" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/DeleteSentinelOnboardingState.json index b7da17ff46d2..777fa941f79f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/DeleteSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "SentinelOnboardingStates_Delete", + "title": "Delete Sentinel onboarding state" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json index 0b9131957a5e..05e24fea5dfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -21,5 +21,7 @@ ] } } - } + }, + "operationId": "SentinelOnboardingStates_List", + "title": "Get all Sentinel onboarding states" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetSentinelOnboardingState.json index 3c4d99f3c360..6c4563838d60 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/onboardingStates/GetSentinelOnboardingState.json @@ -18,5 +18,7 @@ } } } - } + }, + "operationId": "SentinelOnboardingStates_Get", + "title": "Get Sentinel onboarding state" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/operations/ListOperations.json index 30d4fdf1a307..1733838bc635 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/operations/ListOperations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/operations/ListOperations.json @@ -559,5 +559,7 @@ ] } } - } + }, + "operationId": "Operations_List", + "title": "Get all operations." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/repositories/GetRepositories.json index 06b7f73916ae..47709bb8d569 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/repositories/GetRepositories.json @@ -33,5 +33,7 @@ ] } } - } + }, + "operationId": "SourceControl_listRepositories", + "title": "Get repository list." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json index e57d95b7025c..9796a3275c25 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -241,5 +241,7 @@ } } } - } + }, + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "title": "Creates or updates a Anomaly Security ML Analytics Settings." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json index dff99f9b1926..0eef880a5b2c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -9,5 +9,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "SecurityMLAnalyticsSettings_Delete", + "title": "Delete a Security ML Analytics Settings." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json index db5b821b7b41..6ae81d2a442e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -90,5 +90,7 @@ ] } } - } + }, + "operationId": "SecurityMLAnalyticsSettings_List", + "title": "Get all Security ML Analytics Settings." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json index e14559781e97..26dbba0d5cee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -87,5 +87,7 @@ } } } - } + }, + "operationId": "SecurityMLAnalyticsSettings_Get", + "title": "Get a Anomaly Security ML Analytics Settings." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/CreateSourceControl.json index 86aa31ac2156..59b2224044bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/CreateSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/CreateSourceControl.json @@ -172,5 +172,7 @@ } } } - } + }, + "operationId": "SourceControls_Create", + "title": "Creates or updates a source control." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/DeleteSourceControl.json index 7b70cfe232ca..0d4d928fa31f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/DeleteSourceControl.json @@ -25,5 +25,7 @@ } } } - } + }, + "operationId": "SourceControls_Delete", + "title": "Delete a source control." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControlById.json index 46a41378966f..eb5fef743d59 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControlById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControlById.json @@ -78,5 +78,7 @@ } } } - } + }, + "operationId": "SourceControls_Get", + "title": "Get a source control." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControls.json index a41c7fc9d981..fdc50821112f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/sourcecontrols/GetSourceControls.json @@ -81,5 +81,7 @@ ] } } - } + }, + "operationId": "SourceControls_List", + "title": "Get all source controls." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/AppendTagsThreatIntelligence.json index cc50da62df68..8098c65eed69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -15,5 +15,7 @@ }, "responses": { "200": {} - } + }, + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "title": "Append tags to a threat intelligence indicator" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json index c8fbc82608d7..aa694061d3f3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -40,5 +40,7 @@ ] } } - } + }, + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "title": "Get threat intelligence indicators metrics." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CreateThreatIntelligence.json index c683c722271f..870708c1d659 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/CreateThreatIntelligence.json @@ -97,5 +97,7 @@ } } } - } + }, + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "title": "Create a new Threat Intelligence" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/DeleteThreatIntelligence.json index 23e65d58a592..cbf7ab22e809 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/DeleteThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/DeleteThreatIntelligence.json @@ -10,5 +10,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "ThreatIntelligenceIndicator_Delete", + "title": "Delete a threat intelligence indicator" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligence.json index 54f15868d0b4..2aa8a201c3b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligence.json @@ -73,5 +73,7 @@ ] } } - } + }, + "operationId": "ThreatIntelligenceIndicators_List", + "title": "Get all threat intelligence indicators" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligenceById.json index 33661c54b6ed..9cb36b6a361b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/GetThreatIntelligenceById.json @@ -40,5 +40,7 @@ } } } - } + }, + "operationId": "ThreatIntelligenceIndicator_Get", + "title": "View a threat intelligence indicator by name" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/QueryThreatIntelligence.json index dd6cb57068e7..78e88b0731ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/QueryThreatIntelligence.json @@ -104,5 +104,7 @@ ] } } - } + }, + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "title": "Query threat intelligence indicators as per filtering criteria" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json index 93fb75b4d993..dc7fe8f245f1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -49,5 +49,7 @@ } } } - } + }, + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "title": "Replace tags to a Threat Intelligence" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/UpdateThreatIntelligence.json index 62d085ec7c23..240d2d14003a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/UpdateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/threatintelligence/UpdateThreatIntelligence.json @@ -98,5 +98,7 @@ } } } - } + }, + "operationId": "ThreatIntelligenceIndicator_Create", + "title": "Update a threat Intelligence indicator" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlist.json index 7f95efb78537..dafa79837c74 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlist.json @@ -85,5 +85,7 @@ } } } - } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json index e64d06f497b6..f6e7718ad702 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -88,5 +88,7 @@ } } } - } + }, + "operationId": "Watchlists_CreateOrUpdate", + "title": "Create or update a watchlist and bulk creates watchlist items." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistItem.json index 3de58e015d5f..65014b946cc3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/CreateWatchlistItem.json @@ -88,5 +88,7 @@ } } } - } + }, + "operationId": "WatchlistItems_CreateOrUpdate", + "title": "Create or update a watchlist item." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlist.json index dbe96428569f..f3e6ce697002 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlist.json @@ -14,5 +14,7 @@ } }, "204": {} - } + }, + "operationId": "Watchlists_Delete", + "title": "Delete a watchlist." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlistItem.json index 7982b2c23344..a490fb47f40c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/DeleteWatchlistItem.json @@ -11,5 +11,7 @@ "responses": { "200": {}, "204": {} - } + }, + "operationId": "WatchlistItems_Delete", + "title": "Delete a watchlist item." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistByAlias.json index 071d339ad1f7..6f99692342d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistByAlias.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistByAlias.json @@ -46,5 +46,7 @@ } } } - } + }, + "operationId": "Watchlists_Get", + "title": "Get a watchlist." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItemById.json index 9384fb3068ed..a316617bd025 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItemById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItemById.json @@ -43,5 +43,7 @@ } } } - } + }, + "operationId": "WatchlistItems_Get", + "title": "Get a watchlist item." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItems.json index 053443247ea8..6c41edaa8c85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlistItems.json @@ -46,5 +46,7 @@ ] } } - } + }, + "operationId": "WatchlistItems_List", + "title": "Get all watchlist Items." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlists.json index 4f37f00e12ec..f3c0c1709439 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/watchlists/GetWatchlists.json @@ -49,5 +49,7 @@ ] } } - } + }, + "operationId": "Watchlists_List", + "title": "Get all watchlists." } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json new file mode 100644 index 000000000000..faf0e80d717d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -0,0 +1,18016 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "version": "2025-09-01", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "x-typespec-generated": [ + { + "emitter": "@azure-tools/typespec-autorest" + } + ] + }, + "schemes": [ + "https" + ], + "host": "management.azure.com", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "tags": [ + { + "name": "Operations" + }, + { + "name": "Alert Rules" + }, + { + "name": "Actions" + }, + { + "name": "Alert Rule Templates" + }, + { + "name": "automationRules" + }, + { + "name": "Incidents" + }, + { + "name": "manualTrigger" + }, + { + "name": "IncidentAlerts" + }, + { + "name": "IncidentBookmarks" + }, + { + "name": "IncidentEntities" + }, + { + "name": "Bookmarks" + }, + { + "name": "ContentPackages" + }, + { + "name": "ContentProductPackages" + }, + { + "name": "ContentProductTemplates" + }, + { + "name": "ContentTemplates" + }, + { + "name": "ConnectorDefinitions" + }, + { + "name": "Data Connectors" + }, + { + "name": "IncidentComments" + }, + { + "name": "IncidentRelations" + }, + { + "name": "IncidentTasks" + }, + { + "name": "Metadata" + }, + { + "name": "SentinelOnboardingStates" + }, + { + "name": "Security ML Analytics Settings" + }, + { + "name": "SourceControls" + }, + { + "name": "ThreatIntelligence" + }, + { + "name": "Watchlists" + }, + { + "name": "WatchlistItems" + }, + { + "name": "Repositories" + } + ], + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "tags": [ + "Operations" + ], + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all operations.": { + "$ref": "./examples/operations/ListOperations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "operationId": "AlertRuleTemplates_List", + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "operationId": "AlertRuleTemplates_Get", + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "alertRuleTemplateId", + "in": "path", + "description": "Alert rule template ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "operationId": "AlertRules_List", + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "operationId": "AlertRules_Get", + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + }, + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + } + } + }, + "put": { + "operationId": "AlertRules_CreateOrUpdate", + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "alertRule", + "in": "body", + "description": "The alert rule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + } + } + ], + "responses": { + "200": { + "description": "Resource 'AlertRule' update operation succeeded", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Resource 'AlertRule' create operation succeeded", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + }, + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + } + } + }, + "delete": { + "operationId": "AlertRules_Delete", + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "operationId": "Actions_ListByAlertRule", + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "operationId": "Actions_Get", + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + } + }, + "put": { + "operationId": "Actions_CreateOrUpdate", + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + }, + { + "name": "action", + "in": "body", + "description": "The action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ActionResponse' update operation succeeded", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Resource 'ActionResponse' create operation succeeded", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + } + }, + "delete": { + "operationId": "Actions_Delete", + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ruleId", + "in": "path", + "description": "Alert rule ID", + "required": true, + "type": "string" + }, + { + "name": "actionId", + "in": "path", + "description": "Action ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "operationId": "AutomationRules_List", + "tags": [ + "automationRules" + ], + "description": "Gets all automation rules.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_List": { + "$ref": "./examples/automationRules/AutomationRules_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "operationId": "AutomationRules_Get", + "tags": [ + "automationRules" + ], + "description": "Gets the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "Automation rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Get": { + "$ref": "./examples/automationRules/AutomationRules_Get.json" + } + } + }, + "put": { + "operationId": "AutomationRules_CreateOrUpdate", + "tags": [ + "automationRules" + ], + "description": "Creates or updates the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "The automation rule ID.", + "required": true, + "type": "string" + }, + { + "name": "automationRuleToUpsert", + "in": "body", + "description": "The automation rule", + "required": false, + "schema": { + "$ref": "#/definitions/AutomationRule" + } + } + ], + "responses": { + "200": { + "description": "Resource 'AutomationRule' update operation succeeded", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Resource 'AutomationRule' create operation succeeded", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "AutomationRules_Delete", + "tags": [ + "automationRules" + ], + "description": "Delete the automation rule.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "automationRuleId", + "in": "path", + "description": "Automation rule ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": {} + }, + "204": { + "description": "There is no content to send for this request, but the headers may be useful. ", + "schema": {} + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/automationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "operationId": "Bookmarks_List", + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "operationId": "Bookmarks_Get", + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + } + }, + "put": { + "operationId": "Bookmarks_CreateOrUpdate", + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + }, + { + "name": "bookmark", + "in": "body", + "description": "The bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Bookmark' update operation succeeded", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Resource 'Bookmark' create operation succeeded", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + } + }, + "delete": { + "operationId": "Bookmarks_Delete", + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "bookmarkId", + "in": "path", + "description": "Bookmark ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { + "get": { + "operationId": "ContentPackages_List", + "tags": [ + "ContentPackages" + ], + "description": "Gets all installed packages.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetPackages.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { + "get": { + "operationId": "ContentPackages_Get", + "tags": [ + "ContentPackages" + ], + "description": "Gets an installed packages by its id.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get installed packages by id.": { + "$ref": "./examples/contentPackages/GetPackageById.json" + } + } + }, + "put": { + "operationId": "ContentPackage_Install", + "tags": [ + "ContentPackages" + ], + "description": "Install a package to the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + }, + { + "name": "packageInstallationProperties", + "in": "body", + "description": "Package installation properties", + "required": true, + "schema": { + "$ref": "#/definitions/packageModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PackageModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "201": { + "description": "Resource 'PackageModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Install a package to the workspace.": { + "$ref": "./examples/contentPackages/InstallPackage.json" + } + } + }, + "delete": { + "operationId": "ContentPackage_Uninstall", + "tags": [ + "ContentPackages" + ], + "description": "Uninstall a package from the workspace.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Uninstall a package from the workspace.": { + "$ref": "./examples/contentPackages/UninstallPackage.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { + "get": { + "operationId": "ProductPackages_List", + "tags": [ + "ContentProductPackages" + ], + "description": "Gets all packages from the catalog.\nExpandable properties:\n- properties/installed\n- properties/packagedContent", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productPackageList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetProductPackages.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { + "get": { + "operationId": "ProductPackage_Get", + "tags": [ + "ContentProductPackages" + ], + "description": "Gets a package by its identifier from the catalog.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "packageId", + "in": "path", + "description": "package Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productPackageModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a package.": { + "$ref": "./examples/contentPackages/GetProductPackageById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { + "get": { + "operationId": "ProductTemplates_List", + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets all templates in the catalog.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productTemplateList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetProductTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { + "get": { + "operationId": "ContentTemplates_List", + "tags": [ + "ContentTemplates" + ], + "description": "Gets all installed templates.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Expands the object with optional fiends that are not included by default. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$search", + "in": "query", + "description": "Searches for a substring in the response. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$count", + "in": "query", + "description": "Instructs the server to return only object count without actual body. Optional.", + "required": false, + "type": "boolean" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetTemplates.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { + "get": { + "operationId": "ContentTemplate_Get", + "tags": [ + "ContentTemplates" + ], + "description": "Gets a template byt its identifier.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetTemplateById.json" + } + } + }, + "put": { + "operationId": "ContentTemplate_Install", + "tags": [ + "ContentTemplates" + ], + "description": "Install a template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + }, + { + "name": "templateInstallationProperties", + "in": "body", + "description": "Template installation properties", + "required": true, + "schema": { + "$ref": "#/definitions/templateModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'TemplateModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "201": { + "description": "Resource 'TemplateModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/InstallTemplate.json" + } + } + }, + "delete": { + "operationId": "ContentTemplate_Delete", + "tags": [ + "ContentTemplates" + ], + "description": "Delete an installed template.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/contentTemplates/DeleteTemplate.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { + "get": { + "operationId": "ProductTemplate_Get", + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets a template by its identifier.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "templateId", + "in": "path", + "description": "template Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetProductTemplateById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { + "get": { + "operationId": "DataConnectorDefinitions_List", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets all data connector definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all data connector definitions.": { + "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { + "get": { + "operationId": "DataConnectorDefinitions_Get", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets a data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get customize data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json" + } + } + }, + "put": { + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Creates or updates the data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + }, + { + "name": "connectorDefinitionInput", + "in": "body", + "description": "The data connector definition", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'DataConnectorDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "201": { + "description": "Resource 'DataConnectorDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" + } + } + }, + "delete": { + "operationId": "DataConnectorDefinitions_Delete", + "tags": [ + "ConnectorDefinitions" + ], + "description": "Delete the data connector definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorDefinitionName", + "in": "path", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "operationId": "DataConnectors_List", + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "operationId": "DataConnectors_Get", + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a ASC data connector.": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get a MCAS data connector.": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json" + }, + "Get a RestApiPoller data connector": { + "$ref": "./examples/dataConnectors/GetRestApiPollerById.json" + }, + "Get a TI data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get an AAD data connector.": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get an AwsCloudTrail data connector.": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + } + } + }, + "put": { + "operationId": "DataConnectors_CreateOrUpdate", + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + }, + { + "name": "dataConnector", + "in": "body", + "description": "The data connector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + } + } + ], + "responses": { + "200": { + "description": "Resource 'DataConnector' update operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Resource 'DataConnector' create operation succeeded", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a MicrosoftThreatIntelligence data connector.": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" + }, + "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { + "$ref": "./examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" + }, + "Creates or updates an Office365 data connector.": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + } + } + }, + "delete": { + "operationId": "DataConnectors_Delete", + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "dataConnectorId", + "in": "path", + "description": "Connector ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" + }, + "Delete an Office365 data connector.": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { + "$ref": "./examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { + "post": { + "operationId": "Entities_RunPlaybook", + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific entity.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "entityIdentifier", + "in": "path", + "description": "entity ID", + "required": true, + "type": "string" + }, + { + "name": "requestBody", + "in": "body", + "description": "Describes the request body for triggering a playbook on an entity.", + "required": false, + "schema": { + "$ref": "#/definitions/EntityManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "There is no content to send for this request, but the headers may be useful." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entities_RunPlaybook": { + "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "operationId": "Incidents_List", + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32", + "maximum": 1000 + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incidents.": { + "$ref": "./examples/incidents/GetIncidents.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "operationId": "Incidents_Get", + "tags": [ + "Incidents" + ], + "description": "Gets a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an incident.": { + "$ref": "./examples/incidents/GetIncidentById.json" + } + } + }, + "put": { + "operationId": "Incidents_CreateOrUpdate", + "tags": [ + "Incidents" + ], + "description": "Creates or updates an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incident", + "in": "body", + "description": "The incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Incident' update operation succeeded", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Resource 'Incident' create operation succeeded", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an incident.": { + "$ref": "./examples/incidents/CreateIncident.json" + } + } + }, + "delete": { + "operationId": "Incidents_Delete", + "tags": [ + "Incidents" + ], + "description": "Deletes a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete an incident.": { + "$ref": "./examples/incidents/DeleteIncident.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "operationId": "Incidents_ListAlerts", + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all alerts for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incident alerts.": { + "$ref": "./examples/incidents/GetAllIncidentAlerts.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "operationId": "Incidents_ListBookmarks", + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all bookmarks for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incident bookmarks.": { + "$ref": "./examples/incidents/GetAllIncidentBookmarks.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "operationId": "IncidentComments_List", + "tags": [ + "IncidentComments" + ], + "description": "Gets all comments for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incident comments.": { + "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "operationId": "IncidentComments_Get", + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an incident comment.": { + "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" + } + } + }, + "put": { + "operationId": "IncidentComments_CreateOrUpdate", + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates a comment for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + }, + { + "name": "incidentComment", + "in": "body", + "description": "The incident comment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + } + } + ], + "responses": { + "200": { + "description": "Resource 'IncidentComment' update operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Resource 'IncidentComment' create operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an incident comment.": { + "$ref": "./examples/incidents/comments/CreateIncidentComment.json" + } + } + }, + "delete": { + "operationId": "IncidentComments_Delete", + "tags": [ + "IncidentComments" + ], + "description": "Deletes a comment for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentCommentId", + "in": "path", + "description": "Incident comment ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete the incident comment.": { + "$ref": "./examples/incidents/comments/DeleteIncidentComment.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "operationId": "Incidents_ListEntities", + "tags": [ + "IncidentEntities" + ], + "description": "Gets all entities for an incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Gets all incident related entities": { + "$ref": "./examples/incidents/GetAllIncidentEntities.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "operationId": "IncidentRelations_List", + "tags": [ + "IncidentRelations" + ], + "description": "Gets all relations for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "operationId": "IncidentRelations_Get", + "tags": [ + "IncidentRelations" + ], + "description": "Gets a relation for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + } + }, + "put": { + "operationId": "IncidentRelations_CreateOrUpdate", + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + }, + { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Relation' update operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Resource 'Relation' create operation succeeded", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + } + }, + "delete": { + "operationId": "IncidentRelations_Delete", + "tags": [ + "IncidentRelations" + ], + "description": "Deletes a relation for a given incident.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "relationName", + "in": "path", + "description": "Relation Name", + "required": true, + "type": "string", + "minLength": 3, + "maxLength": 63, + "pattern": "^[a-zA-Z0-9-]{3,63}$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "operationId": "Incidents_RunPlaybook", + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific incident", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentIdentifier", + "in": "path", + "description": "The incident identifier.", + "required": true, + "type": "string" + }, + { + "name": "requestBody", + "in": "body", + "description": "Describes the request body for triggering a playbook on an incident.", + "required": false, + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "Azure operation completed successfully.", + "schema": {} + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_RunPlaybook": { + "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": { + "get": { + "operationId": "IncidentTasks_List", + "tags": [ + "IncidentTasks" + ], + "description": "Gets all incident tasks.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentTaskList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_List": { + "$ref": "./examples/incidents/tasks/IncidentTasks_List.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": { + "get": { + "operationId": "IncidentTasks_Get", + "tags": [ + "IncidentTasks" + ], + "description": "Gets an incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Get": { + "$ref": "./examples/incidents/tasks/IncidentTasks_Get.json" + } + } + }, + "put": { + "operationId": "IncidentTasks_CreateOrUpdate", + "tags": [ + "IncidentTasks" + ], + "description": "Creates or updates the incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTask", + "in": "body", + "description": "The incident task", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentTask" + } + } + ], + "responses": { + "200": { + "description": "Resource 'IncidentTask' update operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "201": { + "description": "Resource 'IncidentTask' create operation succeeded", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_CreateOrUpdate": { + "$ref": "./examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json" + } + } + }, + "delete": { + "operationId": "IncidentTasks_Delete", + "tags": [ + "IncidentTasks" + ], + "description": "Delete the incident task.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "incidentId", + "in": "path", + "description": "Incident ID", + "required": true, + "type": "string" + }, + { + "name": "incidentTaskId", + "in": "path", + "description": "Incident task ID", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Delete": { + "$ref": "./examples/incidents/tasks/IncidentTasks_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "operationId": "SourceControl_listRepositories", + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "repositoryAccess", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/RepositoryAccessProperties" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "operationId": "Metadata_List", + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skip", + "in": "query", + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "required": false, + "type": "integer", + "format": "int32" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + }, + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "operationId": "Metadata_Get", + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + } + }, + "put": { + "operationId": "Metadata_Create", + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + }, + { + "name": "metadata", + "in": "body", + "description": "Metadata resource.", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'MetadataModel' update operation succeeded", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Resource 'MetadataModel' create operation succeeded", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + } + }, + "patch": { + "operationId": "Metadata_Update", + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + }, + { + "name": "metadataPatch", + "in": "body", + "description": "Partial metadata request.", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + } + }, + "delete": { + "operationId": "Metadata_Delete", + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "metadataName", + "in": "path", + "description": "The Metadata name.", + "required": true, + "type": "string", + "pattern": "^\\S+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "operationId": "SentinelOnboardingStates_List", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "operationId": "SentinelOnboardingStates_Get", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + } + }, + "put": { + "operationId": "SentinelOnboardingStates_Create", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + }, + { + "name": "sentinelOnboardingStateParameter", + "in": "body", + "description": "The Sentinel onboarding state parameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SentinelOnboardingState' update operation succeeded", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Resource 'SentinelOnboardingState' create operation succeeded", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + } + }, + "delete": { + "operationId": "SentinelOnboardingStates_Delete", + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sentinelOnboardingStateName", + "in": "path", + "description": "The Sentinel onboarding state name. Supports - default", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { + "get": { + "operationId": "SecurityMLAnalyticsSettings_List", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets all Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { + "get": { + "operationId": "SecurityMLAnalyticsSettings_Get", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" + } + } + }, + "put": { + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Creates or updates the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + }, + { + "name": "securityMLAnalyticsSetting", + "in": "body", + "description": "The security ML Analytics setting", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SecurityMLAnalyticsSetting' update operation succeeded", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "201": { + "description": "Resource 'SecurityMLAnalyticsSetting' create operation succeeded", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" + } + } + }, + "delete": { + "operationId": "SecurityMLAnalyticsSettings_Delete", + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Delete the Security ML Analytics Settings.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "settingsResourceName", + "in": "path", + "description": "Security ML Analytics Settings resource name", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "operationId": "SourceControls_List", + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "operationId": "SourceControls_Get", + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + } + }, + "put": { + "operationId": "SourceControls_Create", + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + }, + { + "name": "sourceControl", + "in": "body", + "description": "The SourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + } + } + ], + "responses": { + "200": { + "description": "Resource 'SourceControl' update operation succeeded", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Resource 'SourceControl' create operation succeeded", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Creates or updates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { + "post": { + "operationId": "SourceControls_Delete", + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "sourceControlId", + "in": "path", + "description": "Source control Id", + "required": true, + "type": "string" + }, + { + "name": "repositoryAccess", + "in": "body", + "description": "The repository access credentials.", + "required": true, + "schema": { + "$ref": "#/definitions/RepositoryAccessProperties" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Warning" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ThreatIntelligenceProperties", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ThreatIntelligenceInformation' update operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Resource 'ThreatIntelligenceInformation' create operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "operationId": "ThreatIntelligenceIndicators_List", + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$filter", + "in": "query", + "description": "Filters the results, based on a Boolean condition. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Returns only the first n results. Optional.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + }, + { + "name": "$orderby", + "in": "query", + "description": "Sorts the results. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "operationId": "ThreatIntelligenceIndicator_Get", + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + } + }, + "put": { + "operationId": "ThreatIntelligenceIndicator_Create", + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceProperties", + "in": "body", + "description": "Properties of threat intelligence indicators to create and update.", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Resource 'ThreatIntelligenceInformation' update operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Resource 'ThreatIntelligenceInformation' create operation succeeded", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + } + }, + "delete": { + "operationId": "ThreatIntelligenceIndicator_Delete", + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceAppendTags", + "in": "body", + "description": "The threat intelligence append tags request body", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "name", + "in": "path", + "description": "Threat intelligence indicator name field.", + "required": true, + "type": "string" + }, + { + "name": "ThreatIntelligenceReplaceTags", + "in": "body", + "description": "Tags in the threat intelligence indicator to be replaced.", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "ThreatIntelligenceFilteringCriteria", + "in": "body", + "description": "The content of the action request", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "operationId": "Watchlists_List", + "tags": [ + "Watchlists" + ], + "description": "Get all watchlists, without watchlist items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "operationId": "Watchlists_Get", + "tags": [ + "Watchlists" + ], + "description": "Get a watchlist, without its watchlist items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + } + }, + "put": { + "operationId": "Watchlists_CreateOrUpdate", + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlist", + "in": "body", + "description": "The watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + } + } + ], + "responses": { + "200": { + "description": "Resource 'Watchlist' update operation succeeded", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Resource 'Watchlist' create operation succeeded", + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "description": "A link to the status monitor" + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + }, + "Create or update a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation", + "final-state-schema": "#/definitions/Watchlist" + }, + "x-ms-long-running-operation": true + }, + "delete": { + "operationId": "Watchlists_Delete", + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + } + ], + "responses": { + "202": { + "description": "Resource deletion accepted.", + "headers": { + "Azure-AsyncOperation": { + "type": "string", + "format": "uri", + "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." + }, + "Retry-After": { + "type": "integer", + "format": "int32", + "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." + } + } + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation" + }, + "x-ms-long-running-operation": true + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "operationId": "WatchlistItems_List", + "tags": [ + "WatchlistItems" + ], + "description": "Get all watchlist Items.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "$skipToken", + "in": "query", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "operationId": "WatchlistItems_Get", + "tags": [ + "WatchlistItems" + ], + "description": "Get a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + } + }, + "put": { + "operationId": "WatchlistItems_CreateOrUpdate", + "tags": [ + "WatchlistItems" + ], + "description": "Create or update a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + }, + { + "name": "watchlistItem", + "in": "body", + "description": "The watchlist item", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + } + ], + "responses": { + "200": { + "description": "Resource 'WatchlistItem' update operation succeeded", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Resource 'WatchlistItem' create operation succeeded", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create or update a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + } + }, + "delete": { + "operationId": "WatchlistItems_Delete", + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "workspaceName", + "in": "path", + "description": "The name of the monitor workspace.", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 90, + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$" + }, + { + "name": "watchlistAlias", + "in": "path", + "description": "The watchlist alias", + "required": true, + "type": "string" + }, + { + "name": "watchlistItemId", + "in": "path", + "description": "The watchlist item id (GUID)", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a watchlist item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + } + } + } + }, + "definitions": { + "AADDataConnector": { + "type": "object", + "description": "Represents AADIP (Azure Active Directory Identity Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "type": "object", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "AATPDataConnector": { + "type": "object", + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "type": "object", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "ASCDataConnector": { + "type": "object", + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "type": "object", + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "type": "string", + "description": "The subscription id to connect to, and get the data from." + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ] + }, + "AWSAuthModel": { + "type": "object", + "description": "Model for API authentication with AWS.", + "properties": { + "roleArn": { + "type": "string", + "description": "AWS STS assume role ARN" + }, + "externalId": { + "type": "string", + "description": "AWS STS assume role external ID. This is used to prevent the confused deputy problem: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html'" + } + }, + "required": [ + "roleArn" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "AWS" + }, + "AccountEntity": { + "type": "object", + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "type": "object", + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "type": "string", + "description": "The Azure Active Directory tenant id.", + "readOnly": true + }, + "aadUserId": { + "type": "string", + "description": "The Azure Active Directory user id.", + "readOnly": true + }, + "accountName": { + "type": "string", + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name of the account.", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true + }, + "isDomainJoined": { + "type": "boolean", + "description": "Determines whether this is a domain account.", + "readOnly": true + }, + "ntDomain": { + "type": "string", + "description": "The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.", + "readOnly": true + }, + "objectGuid": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "readOnly": true + }, + "puid": { + "type": "string", + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true + }, + "sid": { + "type": "string", + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true + }, + "upnSuffix": { + "type": "string", + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true + }, + "dnsDomain": { + "type": "string", + "description": "The fully qualified domain DNS name.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ActionPropertiesBase": { + "type": "object", + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "type": "string", + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}." + } + }, + "required": [ + "logicAppResourceId" + ] + }, + "ActionRequest": { + "type": "object", + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ] + }, + "ActionRequestProperties": { + "type": "object", + "description": "Action property bag.", + "properties": { + "triggerUri": { + "type": "string", + "format": "password", + "description": "Logic App Callback URL for this specific workflow.", + "x-ms-secret": true + } + }, + "required": [ + "triggerUri" + ], + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ] + }, + "ActionResponse": { + "type": "object", + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the action." + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "ActionResponseProperties": { + "type": "object", + "description": "Action property bag.", + "properties": { + "workflowId": { + "type": "string", + "description": "The name of the logic app's workflow." + } + }, + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ] + }, + "ActionType": { + "type": "string", + "description": "The type of the automation rule action.", + "enum": [ + "ModifyProperties", + "RunPlaybook", + "AddIncidentTask" + ], + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "name": "ModifyProperties", + "value": "ModifyProperties", + "description": "Modify an object's properties" + }, + { + "name": "RunPlaybook", + "value": "RunPlaybook", + "description": "Run a playbook on an object" + }, + { + "name": "AddIncidentTask", + "value": "AddIncidentTask", + "description": "Add a task to an incident object" + } + ] + } + }, + "ActionsList": { + "type": "object", + "description": "List all the actions.", + "properties": { + "value": { + "type": "array", + "description": "The ActionResponse items on this page", + "items": { + "$ref": "#/definitions/ActionResponse" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AddIncidentTaskActionProperties": { + "type": "object", + "properties": { + "title": { + "type": "string", + "description": "The title of the task." + }, + "description": { + "type": "string", + "description": "The description of the task." + } + }, + "required": [ + "title" + ] + }, + "AlertDetail": { + "type": "string", + "description": "Alert detail", + "enum": [ + "DisplayName", + "Severity" + ], + "x-ms-enum": { + "name": "AlertDetail", + "modelAsString": true, + "values": [ + { + "name": "DisplayName", + "value": "DisplayName", + "description": "Alert display name" + }, + { + "name": "Severity", + "value": "Severity", + "description": "Alert severity" + } + ] + } + }, + "AlertDetailsOverride": { + "type": "object", + "description": "Settings for how to dynamically override alert static details", + "properties": { + "alertDisplayNameFormat": { + "type": "string", + "description": "the format containing columns name(s) to override the alert name" + }, + "alertDescriptionFormat": { + "type": "string", + "description": "the format containing columns name(s) to override the alert description" + }, + "alertTacticsColumnName": { + "type": "string", + "description": "the column name to take the alert tactics from" + }, + "alertSeverityColumnName": { + "type": "string", + "description": "the column name to take the alert severity from" + }, + "alertDynamicProperties": { + "type": "array", + "description": "List of additional dynamic properties to override", + "items": { + "$ref": "#/definitions/AlertPropertyMapping" + }, + "x-ms-identifiers": [] + } + } + }, + "AlertProperty": { + "type": "string", + "description": "The V3 alert property", + "enum": [ + "AlertLink", + "ConfidenceLevel", + "ConfidenceScore", + "ExtendedLinks", + "ProductName", + "ProviderName", + "ProductComponentName", + "RemediationSteps", + "Techniques" + ], + "x-ms-enum": { + "name": "AlertProperty", + "modelAsString": true, + "values": [ + { + "name": "AlertLink", + "value": "AlertLink", + "description": "Alert's link" + }, + { + "name": "ConfidenceLevel", + "value": "ConfidenceLevel", + "description": "Confidence level property" + }, + { + "name": "ConfidenceScore", + "value": "ConfidenceScore", + "description": "Confidence score" + }, + { + "name": "ExtendedLinks", + "value": "ExtendedLinks", + "description": "Extended links to the alert" + }, + { + "name": "ProductName", + "value": "ProductName", + "description": "Product name alert property" + }, + { + "name": "ProviderName", + "value": "ProviderName", + "description": "Provider name alert property" + }, + { + "name": "ProductComponentName", + "value": "ProductComponentName", + "description": "Product component name alert property" + }, + { + "name": "RemediationSteps", + "value": "RemediationSteps", + "description": "Remediation steps alert property" + }, + { + "name": "Techniques", + "value": "Techniques", + "description": "Techniques alert property" + } + ] + } + }, + "AlertPropertyMapping": { + "type": "object", + "description": "A single alert property mapping to override", + "properties": { + "alertProperty": { + "$ref": "#/definitions/AlertProperty", + "description": "The V3 alert property" + }, + "value": { + "type": "string", + "description": "the column name to use to override this property" + } + } + }, + "AlertRule": { + "type": "object", + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertRuleKind": { + "type": "string", + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion" + ], + "x-ms-enum": { + "name": "AlertRuleKind", + "modelAsString": true, + "values": [ + { + "name": "Scheduled", + "value": "Scheduled", + "description": "Scheduled" + }, + { + "name": "MicrosoftSecurityIncidentCreation", + "value": "MicrosoftSecurityIncidentCreation", + "description": "MicrosoftSecurityIncidentCreation" + }, + { + "name": "Fusion", + "value": "Fusion", + "description": "Fusion" + } + ] + } + }, + "AlertRuleTemplate": { + "type": "object", + "description": "Alert rule template.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertRuleTemplateDataSource": { + "type": "object", + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "type": "string", + "description": "The connector id that provides the following data types" + }, + "dataTypes": { + "type": "array", + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + } + } + } + }, + "AlertRuleTemplatePropertiesBase": { + "type": "object", + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule template has been updated.", + "readOnly": true + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + } + } + }, + "AlertRuleTemplatesList": { + "type": "object", + "description": "List all the alert rule templates.", + "properties": { + "value": { + "type": "array", + "description": "The AlertRuleTemplate items on this page", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AlertRulesList": { + "type": "object", + "description": "List all the alert rules.", + "properties": { + "value": { + "type": "array", + "description": "The AlertRule items on this page", + "items": { + "$ref": "#/definitions/AlertRule" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AlertSeverity": { + "type": "string", + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "x-ms-enum": { + "name": "AlertSeverity", + "modelAsString": true, + "values": [ + { + "name": "High", + "value": "High", + "description": "High severity" + }, + { + "name": "Medium", + "value": "Medium", + "description": "Medium severity" + }, + { + "name": "Low", + "value": "Low", + "description": "Low severity" + }, + { + "name": "Informational", + "value": "Informational", + "description": "Informational severity" + } + ] + } + }, + "AlertStatus": { + "type": "string", + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "x-ms-enum": { + "name": "AlertStatus", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown value" + }, + { + "name": "New", + "value": "New", + "description": "New alert" + }, + { + "name": "Resolved", + "value": "Resolved", + "description": "Alert closed after handling" + }, + { + "name": "Dismissed", + "value": "Dismissed", + "description": "Alert dismissed as false positive" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "Alert is being handled" + } + ] + } + }, + "AlertsDataTypeOfDataConnector": { + "type": "object", + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection." + } + }, + "required": [ + "alerts" + ] + }, + "AnomalySecurityMLAnalyticsSettings": { + "type": "object", + "description": "Represents Anomaly Security ML Analytics Settings", + "properties": { + "properties": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", + "description": "Anomaly Security ML Analytics Settings properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + ], + "x-ms-discriminator-value": "Anomaly" + }, + "AnomalySecurityMLAnalyticsSettingsProperties": { + "type": "object", + "description": "AnomalySecurityMLAnalytics settings base property bag.", + "properties": { + "description": { + "type": "string", + "description": "The description of the SecurityMLAnalyticsSettings." + }, + "displayName": { + "type": "string", + "description": "The display name for settings created by this SecurityMLAnalyticsSettings." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this settings is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", + "readOnly": true + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data sources for this SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ] + }, + "tactics": { + "type": "array", + "description": "The tactics of the SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the SecurityMLAnalyticsSettings", + "items": { + "type": "string" + } + }, + "anomalyVersion": { + "type": "string", + "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings." + }, + "customizableObservations": { + "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings." + }, + "frequency": { + "type": "string", + "format": "duration", + "description": "The frequency that this SecurityMLAnalyticsSettings will be run." + }, + "settingsStatus": { + "$ref": "#/definitions/SettingsStatus", + "description": "The anomaly SecurityMLAnalyticsSettings status" + }, + "isDefaultSettings": { + "type": "boolean", + "description": "Determines whether this anomaly security ml analytics settings is a default settings" + }, + "anomalySettingsVersion": { + "type": "integer", + "format": "int32", + "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not." + }, + "settingsDefinitionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The anomaly settings definition Id" + } + }, + "required": [ + "displayName", + "enabled", + "anomalyVersion", + "frequency", + "settingsStatus", + "isDefaultSettings" + ] + }, + "AntispamMailDirection": { + "type": "string", + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "x-ms-enum": { + "name": "AntispamMailDirection", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Inbound", + "value": "Inbound", + "description": "Inbound" + }, + { + "name": "Outbound", + "value": "Outbound", + "description": "Outbound" + }, + { + "name": "Intraorg", + "value": "Intraorg", + "description": "Intraorg" + } + ] + } + }, + "ApiKeyAuthModel": { + "type": "object", + "description": "Model for authentication with the API Key. Will result in additional header on the request (default behavior) to the remote server: 'ApiKeyName: ApiKeyIdentifier ApiKey'. If 'IsApiKeyInPostPayload' is true it will send it in the body of the request and not the header.", + "properties": { + "apiKey": { + "type": "string", + "description": "API Key for the user secret key credential" + }, + "apiKeyName": { + "type": "string", + "description": "API Key name" + }, + "apiKeyIdentifier": { + "type": "string", + "description": "API Key Identifier" + }, + "isApiKeyInPostPayload": { + "type": "boolean", + "description": "Flag to indicate if API key is set in HTTP POST payload" + } + }, + "required": [ + "apiKey", + "apiKeyName" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "APIKey" + }, + "AttackTactic": { + "type": "string", + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "Reconnaissance", + "ResourceDevelopment", + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack", + "ImpairProcessControl", + "InhibitResponseFunction" + ], + "x-ms-enum": { + "name": "AttackTactic", + "modelAsString": true, + "values": [ + { + "name": "Reconnaissance", + "value": "Reconnaissance", + "description": "Reconnaissance" + }, + { + "name": "ResourceDevelopment", + "value": "ResourceDevelopment", + "description": "ResourceDevelopment" + }, + { + "name": "InitialAccess", + "value": "InitialAccess", + "description": "InitialAccess" + }, + { + "name": "Execution", + "value": "Execution", + "description": "Execution" + }, + { + "name": "Persistence", + "value": "Persistence", + "description": "Persistence" + }, + { + "name": "PrivilegeEscalation", + "value": "PrivilegeEscalation", + "description": "PrivilegeEscalation" + }, + { + "name": "DefenseEvasion", + "value": "DefenseEvasion", + "description": "DefenseEvasion" + }, + { + "name": "CredentialAccess", + "value": "CredentialAccess", + "description": "CredentialAccess" + }, + { + "name": "Discovery", + "value": "Discovery", + "description": "Discovery" + }, + { + "name": "LateralMovement", + "value": "LateralMovement", + "description": "LateralMovement" + }, + { + "name": "Collection", + "value": "Collection", + "description": "Collection" + }, + { + "name": "Exfiltration", + "value": "Exfiltration", + "description": "Exfiltration" + }, + { + "name": "CommandAndControl", + "value": "CommandAndControl", + "description": "CommandAndControl" + }, + { + "name": "Impact", + "value": "Impact", + "description": "Impact" + }, + { + "name": "PreAttack", + "value": "PreAttack", + "description": "PreAttack" + }, + { + "name": "ImpairProcessControl", + "value": "ImpairProcessControl", + "description": "ImpairProcessControl" + }, + { + "name": "InhibitResponseFunction", + "value": "InhibitResponseFunction", + "description": "InhibitResponseFunction" + } + ] + } + }, + "AutomationRule": { + "type": "object", + "description": "Concrete proxy resource types can be created by aliasing this type using a specific property type.", + "properties": { + "properties": { + "$ref": "#/definitions/AutomationRuleProperties", + "description": "Automation rule properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "AutomationRuleAction": { + "type": "object", + "description": "Describes an automation rule action.", + "properties": { + "order": { + "type": "integer", + "format": "int32" + }, + "actionType": { + "$ref": "#/definitions/ActionType", + "description": "The type of the automation rule action." + } + }, + "discriminator": "actionType", + "required": [ + "order", + "actionType" + ] + }, + "AutomationRuleAddIncidentTaskAction": { + "type": "object", + "description": "Describes an automation rule action to add a task to an incident", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/AddIncidentTaskActionProperties" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "AddIncidentTask" + }, + "AutomationRuleBooleanCondition": { + "type": "object", + "properties": { + "operator": { + "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" + }, + "innerConditions": { + "type": "array", + "minItems": 2, + "maxItems": 10, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [] + } + } + }, + "AutomationRuleBooleanConditionSupportedOperator": { + "type": "string", + "enum": [ + "And", + "Or" + ], + "x-ms-enum": { + "name": "AutomationRuleBooleanConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "name": "And", + "value": "And", + "description": "Evaluates as true if all the item conditions are evaluated as true" + }, + { + "name": "Or", + "value": "Or", + "description": "Evaluates as true if at least one of the item conditions are evaluated as true" + } + ] + } + }, + "AutomationRuleCondition": { + "type": "object", + "description": "Describes an automation rule condition.", + "properties": { + "conditionType": { + "$ref": "#/definitions/ConditionType" + } + }, + "discriminator": "conditionType", + "required": [ + "conditionType" + ] + }, + "AutomationRuleModifyPropertiesAction": { + "type": "object", + "description": "Describes an automation rule action to modify an object's properties", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "ModifyProperties" + }, + "AutomationRuleProperties": { + "type": "object", + "description": "Automation rule properties", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the automation rule.", + "maxLength": 500 + }, + "order": { + "type": "integer", + "format": "int32", + "description": "The order of execution of the automation rule.", + "minimum": 1, + "maximum": 1000 + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic", + "description": "Describes automation rule triggering logic." + }, + "actions": { + "type": "array", + "description": "The actions to execute when the automation rule is triggered.", + "maxItems": 20, + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "x-ms-identifiers": [] + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the automation rule was updated.", + "readOnly": true + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the automation rule was created.", + "readOnly": true + }, + "lastModifiedBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action", + "readOnly": true + }, + "createdBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action", + "readOnly": true + } + }, + "required": [ + "displayName", + "order", + "triggeringLogic", + "actions" + ] + }, + "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { + "type": "string", + "enum": [ + "Alerts", + "Labels", + "Tactics", + "Comments" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "name": "Alerts", + "value": "Alerts", + "description": "Evaluate the condition on the alerts" + }, + { + "name": "Labels", + "value": "Labels", + "description": "Evaluate the condition on the labels" + }, + { + "name": "Tactics", + "value": "Tactics", + "description": "Evaluate the condition on the tactics" + }, + { + "name": "Comments", + "value": "Comments", + "description": "Evaluate the condition on the comments" + } + ] + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { + "type": "string", + "enum": [ + "Added" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "modelAsString": true, + "values": [ + { + "name": "Added", + "value": "Added", + "description": "Evaluate the condition on items added to the array" + } + ] + } + }, + "AutomationRulePropertyArrayChangedValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" + } + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { + "type": "string", + "enum": [ + "AnyItem", + "AllItems" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "modelAsString": true, + "values": [ + { + "name": "AnyItem", + "value": "AnyItem", + "description": "Evaluate the condition as true if any item fulfills it" + }, + { + "name": "AllItems", + "value": "AllItems", + "description": "Evaluate the condition as true if all the items fulfill it" + } + ] + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayType": { + "type": "string", + "enum": [ + "CustomDetails", + "CustomDetailValues" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "name": "CustomDetails", + "value": "CustomDetails", + "description": "Evaluate the condition on the custom detail keys" + }, + { + "name": "CustomDetailValues", + "value": "CustomDetailValues", + "description": "Evaluate the condition on a custom detail's values" + } + ] + } + }, + "AutomationRulePropertyArrayValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" + }, + "arrayConditionType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" + }, + "itemConditions": { + "type": "array", + "maxItems": 10, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [] + } + } + }, + "AutomationRulePropertyChangedConditionSupportedChangedType": { + "type": "string", + "enum": [ + "ChangedFrom", + "ChangedTo" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedChangedType", + "modelAsString": true, + "values": [ + { + "name": "ChangedFrom", + "value": "ChangedFrom", + "description": "Evaluate the condition on the previous value of the property" + }, + { + "name": "ChangedTo", + "value": "ChangedTo", + "description": "Evaluate the condition on the updated value of the property" + } + ] + } + }, + "AutomationRulePropertyChangedConditionSupportedPropertyType": { + "type": "string", + "enum": [ + "IncidentSeverity", + "IncidentStatus", + "IncidentOwner" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", + "modelAsString": true, + "values": [ + { + "name": "IncidentSeverity", + "value": "IncidentSeverity", + "description": "Evaluate the condition on the incident severity" + }, + { + "name": "IncidentStatus", + "value": "IncidentStatus", + "description": "Evaluate the condition on the incident status" + }, + { + "name": "IncidentOwner", + "value": "IncidentOwner", + "description": "Evaluate the condition on the incident owner" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedOperator": { + "type": "string", + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "name": "Equals", + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" + }, + { + "name": "NotEquals", + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" + }, + { + "name": "Contains", + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" + }, + { + "name": "NotContains", + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" + }, + { + "name": "StartsWith", + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" + }, + { + "name": "NotStartsWith", + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" + }, + { + "name": "EndsWith", + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" + }, + { + "name": "NotEndsWith", + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedProperty": { + "type": "string", + "description": "The property to evaluate in an automation rule property condition.", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", + "IncidentProviderName", + "IncidentUpdatedBySource", + "IncidentCustomDetailsKey", + "IncidentCustomDetailsValue", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AlertProductNames", + "AlertAnalyticRuleIds", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + "IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, + "values": [ + { + "name": "IncidentTitle", + "value": "IncidentTitle", + "description": "The title of the incident" + }, + { + "name": "IncidentDescription", + "value": "IncidentDescription", + "description": "The description of the incident" + }, + { + "name": "IncidentSeverity", + "value": "IncidentSeverity", + "description": "The severity of the incident" + }, + { + "name": "IncidentStatus", + "value": "IncidentStatus", + "description": "The status of the incident" + }, + { + "name": "IncidentRelatedAnalyticRuleIds", + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" + }, + { + "name": "IncidentTactics", + "value": "IncidentTactics", + "description": "The tactics of the incident" + }, + { + "name": "IncidentLabel", + "value": "IncidentLabel", + "description": "The labels of the incident" + }, + { + "name": "IncidentProviderName", + "value": "IncidentProviderName", + "description": "The provider name of the incident" + }, + { + "name": "IncidentUpdatedBySource", + "value": "IncidentUpdatedBySource", + "description": "The update source of the incident" + }, + { + "name": "IncidentCustomDetailsKey", + "value": "IncidentCustomDetailsKey", + "description": "The incident custom detail key" + }, + { + "name": "IncidentCustomDetailsValue", + "value": "IncidentCustomDetailsValue", + "description": "The incident custom detail value" + }, + { + "name": "AccountAadTenantId", + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" + }, + { + "name": "AccountAadUserId", + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" + }, + { + "name": "AccountName", + "value": "AccountName", + "description": "The account name" + }, + { + "name": "AccountNTDomain", + "value": "AccountNTDomain", + "description": "The account NetBIOS domain name" + }, + { + "name": "AccountPUID", + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" + }, + { + "name": "AccountSid", + "value": "AccountSid", + "description": "The account security identifier" + }, + { + "name": "AccountObjectGuid", + "value": "AccountObjectGuid", + "description": "The account unique identifier" + }, + { + "name": "AccountUPNSuffix", + "value": "AccountUPNSuffix", + "description": "The account user principal name suffix" + }, + { + "name": "AlertProductNames", + "value": "AlertProductNames", + "description": "The name of the product of the alert" + }, + { + "name": "AlertAnalyticRuleIds", + "value": "AlertAnalyticRuleIds", + "description": "The analytic rule ids of the alert" + }, + { + "name": "AzureResourceResourceId", + "value": "AzureResourceResourceId", + "description": "The Azure resource id" + }, + { + "name": "AzureResourceSubscriptionId", + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" + }, + { + "name": "CloudApplicationAppId", + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" + }, + { + "name": "CloudApplicationAppName", + "value": "CloudApplicationAppName", + "description": "The cloud application name" + }, + { + "name": "DNSDomainName", + "value": "DNSDomainName", + "description": "The dns record domain name" + }, + { + "name": "FileDirectory", + "value": "FileDirectory", + "description": "The file directory full path" + }, + { + "name": "FileName", + "value": "FileName", + "description": "The file name without path" + }, + { + "name": "FileHashValue", + "value": "FileHashValue", + "description": "The file hash value" + }, + { + "name": "HostAzureID", + "value": "HostAzureID", + "description": "The host Azure resource id" + }, + { + "name": "HostName", + "value": "HostName", + "description": "The host name without domain" + }, + { + "name": "HostNetBiosName", + "value": "HostNetBiosName", + "description": "The host NetBIOS name" + }, + { + "name": "HostNTDomain", + "value": "HostNTDomain", + "description": "The host NT domain" + }, + { + "name": "HostOSVersion", + "value": "HostOSVersion", + "description": "The host operating system" + }, + { + "name": "IoTDeviceId", + "value": "IoTDeviceId", + "description": "\"The IoT device id" + }, + { + "name": "IoTDeviceName", + "value": "IoTDeviceName", + "description": "The IoT device name" + }, + { + "name": "IoTDeviceType", + "value": "IoTDeviceType", + "description": "The IoT device type" + }, + { + "name": "IoTDeviceVendor", + "value": "IoTDeviceVendor", + "description": "The IoT device vendor" + }, + { + "name": "IoTDeviceModel", + "value": "IoTDeviceModel", + "description": "The IoT device model" + }, + { + "name": "IoTDeviceOperatingSystem", + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" + }, + { + "name": "IPAddress", + "value": "IPAddress", + "description": "The IP address" + }, + { + "name": "MailboxDisplayName", + "value": "MailboxDisplayName", + "description": "The mailbox display name" + }, + { + "name": "MailboxPrimaryAddress", + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" + }, + { + "name": "MailboxUPN", + "value": "MailboxUPN", + "description": "The mailbox user principal name" + }, + { + "name": "MailMessageDeliveryAction", + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" + }, + { + "name": "MailMessageDeliveryLocation", + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" + }, + { + "name": "MailMessageRecipient", + "value": "MailMessageRecipient", + "description": "The mail message recipient" + }, + { + "name": "MailMessageSenderIP", + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" + }, + { + "name": "MailMessageSubject", + "value": "MailMessageSubject", + "description": "The mail message subject" + }, + { + "name": "MailMessageP1Sender", + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" + }, + { + "name": "MailMessageP2Sender", + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" + }, + { + "name": "MalwareCategory", + "value": "MalwareCategory", + "description": "The malware category" + }, + { + "name": "MalwareName", + "value": "MalwareName", + "description": "The malware name" + }, + { + "name": "ProcessCommandLine", + "value": "ProcessCommandLine", + "description": "The process execution command line" + }, + { + "name": "ProcessId", + "value": "ProcessId", + "description": "The process id" + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "The registry key path" + }, + { + "name": "RegistryValueData", + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" + }, + { + "name": "Url", + "value": "Url", + "description": "The url" + } + ] + } + }, + "AutomationRulePropertyValuesChangedCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRulePropertyValuesCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty", + "description": "The property to evaluate in an automation rule property condition." + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "type": "object", + "description": "Describes an automation rule action to run a playbook", + "properties": { + "actionConfiguration": { + "$ref": "#/definitions/PlaybookActionProperties" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "x-ms-discriminator-value": "RunPlaybook" + }, + "AutomationRuleTriggeringLogic": { + "type": "object", + "description": "Describes automation rule triggering logic.", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Determines whether the automation rule is enabled or disabled." + }, + "expirationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled." + }, + "triggersOn": { + "$ref": "#/definitions/TriggersOn" + }, + "triggersWhen": { + "$ref": "#/definitions/TriggersWhen" + }, + "conditions": { + "type": "array", + "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.", + "maxItems": 50, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [ + "conditionType" + ] + } + }, + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ] + }, + "AutomationRulesList": { + "type": "object", + "description": "Paged collection of AutomationRule items", + "properties": { + "value": { + "type": "array", + "description": "The AutomationRule items on this page", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "AwsCloudTrailDataConnector": { + "type": "object", + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypesLogs", + "description": "Logs data type." + } + }, + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorDataTypesLogs": { + "type": "object", + "description": "Logs data type.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "type": "object", + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "type": "string", + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account." + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ] + }, + "Azure.Core.uuid": { + "type": "string", + "format": "uuid", + "description": "Universally Unique Identifier" + }, + "AzureDevOpsResourceInfo": { + "type": "object", + "description": "Resources created in Azure DevOps repository.", + "properties": { + "pipelineId": { + "type": "string", + "description": "Id of the pipeline created for the source-control." + }, + "serviceConnectionId": { + "type": "string", + "description": "Id of the service-connection created for the source-control." + } + } + }, + "AzureResourceEntity": { + "type": "object", + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "type": "object", + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "type": "string", + "description": "The azure resource id of the resource", + "readOnly": true + }, + "subscriptionId": { + "type": "string", + "description": "The subscription id of the resource", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "BasicAuthModel": { + "type": "object", + "description": "Model for API authentication with basic flow - user name + password.", + "properties": { + "userName": { + "type": "string", + "description": "The user name." + }, + "password": { + "type": "string", + "format": "password", + "description": "The password", + "x-ms-secret": true + } + }, + "required": [ + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Basic" + }, + "Bookmark": { + "type": "object", + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "BookmarkList": { + "type": "object", + "description": "List all the bookmarks.", + "properties": { + "value": { + "type": "array", + "description": "The Bookmark items on this page", + "items": { + "$ref": "#/definitions/Bookmark" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "type": "object", + "description": "Describes bookmark properties", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The time the bookmark was created" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "displayName": { + "type": "string", + "description": "The display name of the bookmark" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this bookmark", + "items": { + "type": "string" + } + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "query": { + "type": "string", + "description": "The query of the bookmark." + }, + "queryResult": { + "type": "string", + "description": "The query result of the bookmark." + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the bookmark was updated" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark" + }, + "eventTime": { + "type": "string", + "format": "date-time", + "description": "The bookmark event time" + }, + "queryStartTime": { + "type": "string", + "format": "date-time", + "description": "The start time for the query" + }, + "queryEndTime": { + "type": "string", + "format": "date-time", + "description": "The end time for the query" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark" + } + }, + "required": [ + "displayName", + "query" + ] + }, + "BooleanConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRuleBooleanCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "Boolean" + }, + "CcpAuthConfig": { + "type": "object", + "description": "Base Model for API authentication.", + "properties": { + "type": { + "$ref": "#/definitions/CcpAuthType", + "description": "The auth type" + } + }, + "discriminator": "type", + "required": [ + "type" + ] + }, + "CcpAuthType": { + "type": "string", + "description": "Type of paging", + "enum": [ + "Basic", + "APIKey", + "OAuth2", + "AWS", + "GCP", + "Session", + "JwtToken", + "GitHub", + "ServiceBus", + "Oracle", + "None" + ], + "x-ms-enum": { + "name": "CcpAuthType", + "modelAsString": true, + "values": [ + { + "name": "Basic", + "value": "Basic", + "description": "Basic" + }, + { + "name": "APIKey", + "value": "APIKey", + "description": "APIKey" + }, + { + "name": "OAuth2", + "value": "OAuth2", + "description": "OAuth2" + }, + { + "name": "AWS", + "value": "AWS", + "description": "AWS" + }, + { + "name": "GCP", + "value": "GCP", + "description": "GCP" + }, + { + "name": "Session", + "value": "Session", + "description": "Session" + }, + { + "name": "JwtToken", + "value": "JwtToken", + "description": "JwtToken" + }, + { + "name": "GitHub", + "value": "GitHub", + "description": "GitHub" + }, + { + "name": "ServiceBus", + "value": "ServiceBus", + "description": "ServiceBus" + }, + { + "name": "Oracle", + "value": "Oracle", + "description": "Oracle" + }, + { + "name": "None", + "value": "None", + "description": "None" + } + ] + } + }, + "CcpResponseConfig": { + "type": "object", + "description": "A custom response configuration for a rule.", + "properties": { + "eventsJsonPaths": { + "type": "array", + "description": "The json paths, '$' char is the json root.", + "items": { + "type": "string" + } + }, + "successStatusJsonPath": { + "type": "string", + "description": "The value where the status message/code should appear in the response." + }, + "successStatusValue": { + "type": "string", + "description": "The status value.", + "x-nullable": true + }, + "isGzipCompressed": { + "type": "boolean", + "description": "The value indicating whether the remote server support Gzip and we should expect Gzip response." + }, + "compressionAlgo": { + "type": "string", + "description": "The compression algorithm. For Example: 'gzip', 'multi-gzip', 'deflate'.", + "default": "gzip" + }, + "format": { + "type": "string", + "description": "The response format. possible values are json,csv,xml", + "default": "json" + }, + "csvDelimiter": { + "type": "string", + "description": "The csv delimiter, in case the response format is CSV." + }, + "hasCsvBoundary": { + "type": "boolean", + "description": "The value indicating whether the response has CSV boundary in case the response in CSV format.", + "x-nullable": true + }, + "hasCsvHeader": { + "type": "boolean", + "description": "The value indicating whether the response has headers in case the response in CSV format.", + "x-nullable": true + }, + "convertChildPropertiesToArray": { + "type": "boolean", + "description": "The value indicating whether the response isn't an array of events / logs. By setting this flag to true it means the remote server will response with an object which each property has as a value an array of events / logs.", + "x-nullable": true + }, + "csvEscape": { + "type": "string", + "description": "The character used to escape characters in CSV.", + "default": "\"", + "minLength": 1, + "maxLength": 1, + "x-nullable": true + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "ClientInfo": { + "type": "object", + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "type": "string", + "description": "The email of the client." + }, + "name": { + "type": "string", + "description": "The name of the client." + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the client." + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the client." + } + } + }, + "CloudApplicationEntity": { + "type": "object", + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "type": "object", + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "type": "integer", + "format": "int32", + "description": "The technical identifier of the application.", + "readOnly": true + }, + "appName": { + "type": "string", + "description": "The name of the related cloud application.", + "readOnly": true + }, + "instanceName": { + "type": "string", + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "CloudError": { + "type": "object", + "description": "Error response structure.", + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody", + "description": "Error data" + } + } + }, + "CloudErrorBody": { + "type": "object", + "description": "Error details.", + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface.", + "readOnly": true + } + } + }, + "ConditionType": { + "type": "string", + "enum": [ + "Property", + "PropertyArray", + "PropertyChanged", + "PropertyArrayChanged", + "Boolean" + ], + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "name": "Property", + "value": "Property", + "description": "Evaluate an object property value" + }, + { + "name": "PropertyArray", + "value": "PropertyArray", + "description": "Evaluate an object array property value" + }, + { + "name": "PropertyChanged", + "value": "PropertyChanged", + "description": "Evaluate an object property changed value" + }, + { + "name": "PropertyArrayChanged", + "value": "PropertyArrayChanged", + "description": "Evaluate an object array property changed value" + }, + { + "name": "Boolean", + "value": "Boolean", + "description": "Apply a boolean operator (e.g AND, OR) to conditions" + } + ] + } + }, + "ConfidenceLevel": { + "type": "string", + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "x-ms-enum": { + "name": "ConfidenceLevel", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown confidence, the is the default value" + }, + { + "name": "Low", + "value": "Low", + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack" + }, + { + "name": "High", + "value": "High", + "description": "High confidence that the alert is true positive malicious" + } + ] + } + }, + "ConfidenceScoreStatus": { + "type": "string", + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "x-ms-enum": { + "name": "ConfidenceScoreStatus", + "modelAsString": true, + "values": [ + { + "name": "NotApplicable", + "value": "NotApplicable", + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst" + }, + { + "name": "InProcess", + "value": "InProcess", + "description": "No score was set yet and calculation is in progress" + }, + { + "name": "NotFinal", + "value": "NotFinal", + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data" + }, + { + "name": "Final", + "value": "Final", + "description": "Final score was calculated and available" + } + ] + } + }, + "ConnectivityCriterion": { + "type": "object", + "description": "The criteria by which we determine whether the connector is connected or not.\nFor Example, use a KQL query to check if the expected data type is flowing).", + "properties": { + "type": { + "type": "string", + "description": "Gets or sets the type of connectivity." + }, + "value": { + "type": "array", + "description": "Gets or sets the queries for checking connectivity.", + "items": { + "type": "string" + } + } + }, + "required": [ + "type" + ] + }, + "ConnectorDataType": { + "type": "object", + "description": "The data type which is created by the connector,\nincluding a query indicated when was the last time that data type was received in the workspace.", + "properties": { + "name": { + "type": "string", + "description": "Gets or sets the name of the data type to show in the graph." + }, + "lastDataReceivedQuery": { + "type": "string", + "description": "Gets or sets the query to indicate when relevant data was last received in the workspace." + } + }, + "required": [ + "name", + "lastDataReceivedQuery" + ] + }, + "ConnectorDefinitionsAvailability": { + "type": "object", + "description": "The exposure status of the connector to the customers.", + "properties": { + "status": { + "type": "integer", + "format": "int32", + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." + }, + "isPreview": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the connector is preview." + } + } + }, + "ConnectorDefinitionsPermissions": { + "type": "object", + "description": "The required Permissions for the connector.", + "properties": { + "tenant": { + "type": "array", + "description": "Gets or sets the required tenant permissions for the connector.", + "items": { + "type": "string" + } + }, + "licenses": { + "type": "array", + "description": "Gets or sets the required licenses for the user to create connections.", + "items": { + "type": "string" + } + }, + "resourceProvider": { + "type": "array", + "description": "Gets or sets the resource provider permissions required for the user to create connections.", + "items": { + "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" + }, + "x-ms-identifiers": [] + }, + "customs": { + "type": "array", + "description": "Gets or sets the customs permissions required for the user to create connections.", + "items": { + "$ref": "#/definitions/CustomPermissionDetails" + }, + "x-ms-identifiers": [] + } + } + }, + "ConnectorDefinitionsResourceProvider": { + "type": "object", + "description": "The resource provider details include the required permissions for the user to create connections.\nThe user should have the required permissions(Read\\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.", + "properties": { + "provider": { + "type": "string", + "description": "Gets or sets the provider name." + }, + "permissionsDisplayText": { + "type": "string", + "description": "Gets or sets the permissions description text." + }, + "providerDisplayName": { + "type": "string", + "description": "Gets or sets the permissions provider display name." + }, + "scope": { + "$ref": "#/definitions/ProviderPermissionsScope", + "description": "The scope on which the user should have permissions, in order to be able to create connections." + }, + "requiredPermissions": { + "$ref": "#/definitions/ResourceProviderRequiredPermissions", + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\nFor more information about the permissions see here." + } + }, + "required": [ + "provider", + "permissionsDisplayText", + "providerDisplayName", + "scope", + "requiredPermissions" + ] + }, + "ContentType": { + "type": "string", + "description": "The content type of a source control path.", + "enum": [ + "AnalyticsRule", + "AutomationRule", + "HuntingQuery", + "Parser", + "Playbook", + "Workbook" + ], + "x-ms-enum": { + "name": "ContentType", + "modelAsString": true, + "values": [ + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + } + ] + } + }, + "CreatedByType": { + "type": "string", + "description": "The type of identity that created the resource.", + "enum": [ + "User", + "Application", + "ManagedIdentity", + "Key" + ], + "x-ms-enum": { + "name": "CreatedByType", + "modelAsString": true, + "values": [ + { + "name": "User", + "value": "User", + "description": "User" + }, + { + "name": "Application", + "value": "Application", + "description": "Application" + }, + { + "name": "ManagedIdentity", + "value": "ManagedIdentity", + "description": "ManagedIdentity" + }, + { + "name": "Key", + "value": "Key", + "description": "Key" + } + ] + } + }, + "CustomPermissionDetails": { + "type": "object", + "description": "The Custom permissions required for the connector.", + "properties": { + "name": { + "type": "string", + "description": "Gets or sets the custom permissions name." + }, + "description": { + "type": "string", + "description": "Gets or sets the custom permissions description." + } + }, + "required": [ + "name", + "description" + ] + }, + "CustomizableConnectionsConfig": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "templateSpecName": { + "type": "string", + "description": "Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates." + }, + "templateSpecVersion": { + "type": "string", + "description": "Gets or sets the template version." + } + }, + "required": [ + "templateSpecName", + "templateSpecVersion" + ] + }, + "CustomizableConnectorDefinition": { + "type": "object", + "description": "Connector definition for kind 'Customizable'.", + "properties": { + "properties": { + "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", + "description": "Customizable properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDefinition" + } + ], + "x-ms-discriminator-value": "Customizable" + }, + "CustomizableConnectorDefinitionProperties": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format." + }, + "connectorUiConfig": { + "$ref": "#/definitions/CustomizableConnectorUiConfig", + "description": "The UiConfig for 'Customizable' connector definition kind." + }, + "connectionsConfig": { + "$ref": "#/definitions/CustomizableConnectionsConfig", + "description": "The UiConfig for 'Customizable' connector definition kind." + } + }, + "required": [ + "connectorUiConfig" + ] + }, + "CustomizableConnectorUiConfig": { + "type": "object", + "description": "The UiConfig for 'Customizable' connector definition kind.", + "properties": { + "id": { + "type": "string", + "description": "Gets or sets custom connector id. optional field." + }, + "title": { + "type": "string", + "description": "Gets or sets the connector blade title." + }, + "publisher": { + "type": "string", + "description": "Gets or sets the connector publisher name." + }, + "descriptionMarkdown": { + "type": "string", + "description": "Gets or sets the connector description in markdown format." + }, + "graphQueries": { + "type": "array", + "description": "Gets or sets the graph queries to show the current data volume over time.", + "items": { + "$ref": "#/definitions/GraphQuery" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "type": "array", + "description": "Gets or sets the data types to check for last data received.", + "items": { + "$ref": "#/definitions/ConnectorDataType" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + "type": "array", + "description": "Gets or sets the way the connector checks whether the connector is connected.", + "items": { + "$ref": "#/definitions/ConnectivityCriterion" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/ConnectorDefinitionsAvailability", + "description": "The exposure status of the connector to the customers." + }, + "permissions": { + "$ref": "#/definitions/ConnectorDefinitionsPermissions", + "description": "The required Permissions for the connector." + }, + "instructionSteps": { + "type": "array", + "description": "Gets or sets the instruction steps to enable the connector.", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + }, + "logo": { + "type": "string", + "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\nThe logo value should be in SVG format." + }, + "isConnectivityCriteriasMatchSome": { + "type": "boolean", + "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items." + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueries", + "dataTypes", + "connectivityCriteria", + "permissions", + "instructionSteps" + ] + }, + "DCRConfiguration": { + "type": "object", + "description": "The configuration of the destination of the data.", + "properties": { + "dataCollectionEndpoint": { + "type": "string", + "description": "Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "streamName": { + "type": "string", + "description": "The stream we are sending the data to." + } + }, + "required": [ + "dataCollectionEndpoint", + "dataCollectionRuleImmutableId", + "streamName" + ] + }, + "DataConnector": { + "type": "object", + "description": "Data connector", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "DataConnectorDataTypeCommon": { + "type": "object", + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "$ref": "#/definitions/DataTypeState", + "description": "Describe whether this data type connection is enabled or not." + } + }, + "required": [ + "state" + ] + }, + "DataConnectorDefinition": { + "type": "object", + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\nand the info required to define data connections.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorDefinitionKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "DataConnectorDefinitionArmCollectionWrapper": { + "type": "object", + "description": "Encapsulate the data connector definition object", + "properties": { + "value": { + "type": "array", + "description": "The DataConnectorDefinition items on this page", + "items": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "DataConnectorDefinitionKind": { + "type": "string", + "description": "The kind of the data connector definitions", + "enum": [ + "Customizable" + ], + "x-ms-enum": { + "name": "DataConnectorDefinitionKind", + "modelAsString": true, + "values": [ + { + "name": "Customizable", + "value": "Customizable", + "description": "Customizable" + } + ] + } + }, + "DataConnectorKind": { + "type": "string", + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "Office365", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "MicrosoftThreatIntelligence", + "PremiumMicrosoftDefenderForThreatIntelligence", + "RestApiPoller" + ], + "x-ms-enum": { + "name": "DataConnectorKind", + "modelAsString": true, + "values": [ + { + "name": "AzureActiveDirectory", + "value": "AzureActiveDirectory", + "description": "AzureActiveDirectory" + }, + { + "name": "AzureSecurityCenter", + "value": "AzureSecurityCenter", + "description": "AzureSecurityCenter" + }, + { + "name": "MicrosoftCloudAppSecurity", + "value": "MicrosoftCloudAppSecurity", + "description": "MicrosoftCloudAppSecurity" + }, + { + "name": "ThreatIntelligence", + "value": "ThreatIntelligence", + "description": "ThreatIntelligence" + }, + { + "name": "Office365", + "value": "Office365", + "description": "Office365" + }, + { + "name": "AmazonWebServicesCloudTrail", + "value": "AmazonWebServicesCloudTrail", + "description": "AmazonWebServicesCloudTrail" + }, + { + "name": "AzureAdvancedThreatProtection", + "value": "AzureAdvancedThreatProtection", + "description": "AzureAdvancedThreatProtection" + }, + { + "name": "MicrosoftDefenderAdvancedThreatProtection", + "value": "MicrosoftDefenderAdvancedThreatProtection", + "description": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "name": "MicrosoftThreatIntelligence", + "value": "MicrosoftThreatIntelligence", + "description": "MicrosoftThreatIntelligence" + }, + { + "name": "PremiumMicrosoftDefenderForThreatIntelligence", + "value": "PremiumMicrosoftDefenderForThreatIntelligence", + "description": "PremiumMicrosoftDefenderForThreatIntelligence" + }, + { + "name": "RestApiPoller", + "value": "RestApiPoller", + "description": "RestApiPoller" + } + ] + } + }, + "DataConnectorList": { + "type": "object", + "description": "List all the data connectors.", + "properties": { + "value": { + "type": "array", + "description": "The DataConnector items on this page", + "items": { + "$ref": "#/definitions/DataConnector" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "DataConnectorTenantId": { + "type": "object", + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "required": [ + "tenantId" + ] + }, + "DataConnectorWithAlertsProperties": { + "type": "object", + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + } + }, + "DataTypeState": { + "type": "string", + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "x-ms-enum": { + "name": "DataTypeState", + "modelAsString": true, + "values": [ + { + "name": "Enabled", + "value": "Enabled", + "description": "Enabled" + }, + { + "name": "Disabled", + "value": "Disabled", + "description": "Disabled" + } + ] + } + }, + "DeliveryAction": { + "type": "string", + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "x-ms-enum": { + "name": "DeliveryAction", + "modelAsString": false, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "DeliveredAsSpam", + "value": "DeliveredAsSpam", + "description": "DeliveredAsSpam" + }, + { + "name": "Delivered", + "value": "Delivered", + "description": "Delivered" + }, + { + "name": "Blocked", + "value": "Blocked", + "description": "Blocked" + }, + { + "name": "Replaced", + "value": "Replaced", + "description": "Replaced" + } + ] + } + }, + "DeliveryLocation": { + "type": "string", + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "x-ms-enum": { + "name": "DeliveryLocation", + "modelAsString": false, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown" + }, + { + "name": "Inbox", + "value": "Inbox", + "description": "Inbox" + }, + { + "name": "JunkFolder", + "value": "JunkFolder", + "description": "JunkFolder" + }, + { + "name": "DeletedFolder", + "value": "DeletedFolder", + "description": "DeletedFolder" + }, + { + "name": "Quarantine", + "value": "Quarantine", + "description": "Quarantine" + }, + { + "name": "External", + "value": "External", + "description": "External" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "Dropped", + "value": "Dropped", + "description": "Dropped" + }, + { + "name": "Forwarded", + "value": "Forwarded", + "description": "Forwarded" + } + ] + } + }, + "Deployment": { + "type": "object", + "description": "Description about a deployment.", + "properties": { + "deploymentId": { + "type": "string", + "description": "Deployment identifier." + }, + "deploymentState": { + "$ref": "#/definitions/DeploymentState", + "description": "Current status of the deployment." + }, + "deploymentResult": { + "$ref": "#/definitions/DeploymentResult", + "description": "The outcome of the deployment." + }, + "deploymentTime": { + "type": "string", + "format": "date-time", + "description": "The time when the deployment finished." + }, + "deploymentLogsUrl": { + "type": "string", + "description": "Url to access repository action logs." + } + } + }, + "DeploymentFetchStatus": { + "type": "string", + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Unauthorized", + "NotFound" + ], + "x-ms-enum": { + "name": "DeploymentFetchStatus", + "modelAsString": true, + "values": [ + { + "name": "Success", + "value": "Success", + "description": "Success" + }, + { + "name": "Unauthorized", + "value": "Unauthorized", + "description": "Unauthorized" + }, + { + "name": "NotFound", + "value": "NotFound", + "description": "NotFound" + } + ] + } + }, + "DeploymentInfo": { + "type": "object", + "description": "Information regarding a deployment.", + "properties": { + "deploymentFetchStatus": { + "$ref": "#/definitions/DeploymentFetchStatus", + "description": "Status while fetching the last deployment." + }, + "deployment": { + "$ref": "#/definitions/Deployment", + "description": "Deployment information." + }, + "message": { + "type": "string", + "description": "Additional details about the deployment that can be shown to the user." + } + } + }, + "DeploymentResult": { + "type": "string", + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Canceled", + "Failed" + ], + "x-ms-enum": { + "name": "DeploymentResult", + "modelAsString": true, + "values": [ + { + "name": "Success", + "value": "Success", + "description": "Success" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, + "DeploymentState": { + "type": "string", + "description": "The current state of the deployment.", + "enum": [ + "In_Progress", + "Completed", + "Queued", + "Canceling" + ], + "x-ms-enum": { + "name": "DeploymentState", + "modelAsString": true, + "values": [ + { + "name": "In_Progress", + "value": "In_Progress", + "description": "In_Progress" + }, + { + "name": "Completed", + "value": "Completed", + "description": "Completed" + }, + { + "name": "Queued", + "value": "Queued", + "description": "Queued" + }, + { + "name": "Canceling", + "value": "Canceling", + "description": "Canceling" + } + ] + } + }, + "DnsEntity": { + "type": "object", + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "type": "object", + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "type": "string", + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true + }, + "domainName": { + "type": "string", + "description": "The name of the dns record associated with the alert", + "readOnly": true + }, + "hostIpAddressEntityId": { + "type": "string", + "description": "An ip entity id for the dns request client", + "readOnly": true + }, + "ipAddressEntityIds": { + "type": "array", + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ElevationToken": { + "type": "string", + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "x-ms-enum": { + "name": "ElevationToken", + "modelAsString": false, + "values": [ + { + "name": "Default", + "value": "Default", + "description": "Default elevation token" + }, + { + "name": "Full", + "value": "Full", + "description": "Full elevation token" + }, + { + "name": "Limited", + "value": "Limited", + "description": "Limited elevation token" + } + ] + } + }, + "Entity": { + "type": "object", + "description": "Specific entity.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityKindEnum", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "EntityCommonProperties": { + "type": "object", + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "type": "object", + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "additionalProperties": {}, + "readOnly": true + }, + "friendlyName": { + "type": "string", + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true + } + } + }, + "EntityKindEnum": { + "type": "string", + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail" + ], + "x-ms-enum": { + "name": "EntityKindEnum", + "modelAsString": true, + "values": [ + { + "name": "Account", + "value": "Account", + "description": "Entity represents account in the system." + }, + { + "name": "Host", + "value": "Host", + "description": "Entity represents host in the system." + }, + { + "name": "File", + "value": "File", + "description": "Entity represents file in the system." + }, + { + "name": "AzureResource", + "value": "AzureResource", + "description": "Entity represents azure resource in the system." + }, + { + "name": "CloudApplication", + "value": "CloudApplication", + "description": "Entity represents cloud application in the system." + }, + { + "name": "DnsResolution", + "value": "DnsResolution", + "description": "Entity represents dns resolution in the system." + }, + { + "name": "FileHash", + "value": "FileHash", + "description": "Entity represents file hash in the system." + }, + { + "name": "Ip", + "value": "Ip", + "description": "Entity represents ip in the system." + }, + { + "name": "Malware", + "value": "Malware", + "description": "Entity represents malware in the system." + }, + { + "name": "Process", + "value": "Process", + "description": "Entity represents process in the system." + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "Entity represents registry key in the system." + }, + { + "name": "RegistryValue", + "value": "RegistryValue", + "description": "Entity represents registry value in the system." + }, + { + "name": "SecurityGroup", + "value": "SecurityGroup", + "description": "Entity represents security group in the system." + }, + { + "name": "Url", + "value": "Url", + "description": "Entity represents url in the system." + }, + { + "name": "IoTDevice", + "value": "IoTDevice", + "description": "Entity represents IoT device in the system." + }, + { + "name": "SecurityAlert", + "value": "SecurityAlert", + "description": "Entity represents security alert in the system." + }, + { + "name": "Bookmark", + "value": "Bookmark", + "description": "Entity represents bookmark in the system." + }, + { + "name": "MailCluster", + "value": "MailCluster", + "description": "Entity represents mail cluster in the system." + }, + { + "name": "MailMessage", + "value": "MailMessage", + "description": "Entity represents mail message in the system." + }, + { + "name": "Mailbox", + "value": "Mailbox", + "description": "Entity represents mailbox in the system." + }, + { + "name": "SubmissionMail", + "value": "SubmissionMail", + "description": "Entity represents submission mail in the system." + } + ] + } + }, + "EntityManualTriggerRequestBody": { + "type": "object", + "description": "Describes the request body for triggering a playbook on an entity.", + "properties": { + "incidentArmId": { + "type": "string", + "format": "arm-id", + "description": "Incident ARM id.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "scopes": [ + "Extension" + ], + "type": "Microsoft.SecurityInsights/incidents" + } + ] + } + }, + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The tenant id of the playbook resource." + }, + "logicAppsResourceId": { + "type": "string", + "format": "arm-id", + "description": "The resource id of the playbook resource.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + } + }, + "required": [ + "logicAppsResourceId" + ] + }, + "EntityMapping": { + "type": "object", + "description": "Single entity mapping for the alert rule", + "properties": { + "entityType": { + "$ref": "#/definitions/EntityMappingType", + "description": "The V3 type of the mapped entity" + }, + "fieldMappings": { + "type": "array", + "description": "array of field mappings for the given entity mapping", + "items": { + "$ref": "#/definitions/FieldMapping" + }, + "x-ms-identifiers": [] + } + } + }, + "EntityMappingType": { + "type": "string", + "description": "The V3 type of the mapped entity", + "enum": [ + "Account", + "Host", + "IP", + "Malware", + "File", + "Process", + "CloudApplication", + "DNS", + "AzureResource", + "FileHash", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "x-ms-enum": { + "name": "EntityMappingType", + "modelAsString": true, + "values": [ + { + "name": "Account", + "value": "Account", + "description": "User account entity type" + }, + { + "name": "Host", + "value": "Host", + "description": "Host entity type" + }, + { + "name": "IP", + "value": "IP", + "description": "IP address entity type" + }, + { + "name": "Malware", + "value": "Malware", + "description": "Malware entity type" + }, + { + "name": "File", + "value": "File", + "description": "System file entity type" + }, + { + "name": "Process", + "value": "Process", + "description": "Process entity type" + }, + { + "name": "CloudApplication", + "value": "CloudApplication", + "description": "Cloud app entity type" + }, + { + "name": "DNS", + "value": "DNS", + "description": "DNS entity type" + }, + { + "name": "AzureResource", + "value": "AzureResource", + "description": "Azure resource entity type" + }, + { + "name": "FileHash", + "value": "FileHash", + "description": "File-hash entity type" + }, + { + "name": "RegistryKey", + "value": "RegistryKey", + "description": "Registry key entity type" + }, + { + "name": "RegistryValue", + "value": "RegistryValue", + "description": "Registry value entity type" + }, + { + "name": "SecurityGroup", + "value": "SecurityGroup", + "description": "Security group entity type" + }, + { + "name": "URL", + "value": "URL", + "description": "URL entity type" + }, + { + "name": "Mailbox", + "value": "Mailbox", + "description": "Mailbox entity type" + }, + { + "name": "MailCluster", + "value": "MailCluster", + "description": "Mail cluster entity type" + }, + { + "name": "MailMessage", + "value": "MailMessage", + "description": "Mail message entity type" + }, + { + "name": "SubmissionMail", + "value": "SubmissionMail", + "description": "Submission mail entity type" + } + ] + } + }, + "EntityResource": { + "type": "object", + "description": "Entity resource model", + "properties": { + "name": { + "type": "string", + "description": "The name of the EntityResource", + "readOnly": true + } + }, + "required": [ + "name" + ] + }, + "EventGroupingAggregationKind": { + "type": "string", + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "x-ms-enum": { + "name": "EventGroupingAggregationKind", + "modelAsString": true, + "values": [ + { + "name": "SingleAlert", + "value": "SingleAlert", + "description": "SingleAlert" + }, + { + "name": "AlertPerResult", + "value": "AlertPerResult", + "description": "AlertPerResult" + } + ] + } + }, + "EventGroupingSettings": { + "type": "object", + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind", + "description": "The event grouping aggregation kinds" + } + } + }, + "FieldMapping": { + "type": "object", + "description": "A single field mapping of the mapped entity", + "properties": { + "identifier": { + "type": "string", + "description": "the V3 identifier of the entity" + }, + "columnName": { + "type": "string", + "description": "the column name to be mapped to the identifier" + } + } + }, + "FileEntity": { + "type": "object", + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "type": "object", + "description": "File entity property bag.", + "properties": { + "directory": { + "type": "string", + "description": "The full path to the file.", + "readOnly": true + }, + "fileHashEntityIds": { + "type": "array", + "description": "The file hash entity identifiers associated with this file", + "items": { + "type": "string" + }, + "readOnly": true + }, + "fileName": { + "type": "string", + "description": "The file name without path (some alerts might not include path).", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id which the file belongs to", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "FileHashAlgorithm": { + "type": "string", + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "x-ms-enum": { + "name": "FileHashAlgorithm", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown hash algorithm" + }, + { + "name": "MD5", + "value": "MD5", + "description": "MD5 hash type" + }, + { + "name": "SHA1", + "value": "SHA1", + "description": "SHA1 hash type" + }, + { + "name": "SHA256", + "value": "SHA256", + "description": "SHA256 hash type" + }, + { + "name": "SHA256AC", + "value": "SHA256AC", + "description": "SHA256 Authenticode hash type" + } + ] + } + }, + "FileHashEntity": { + "type": "object", + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "type": "object", + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "$ref": "#/definitions/FileHashAlgorithm", + "description": "The hash algorithm type.", + "readOnly": true + }, + "hashValue": { + "type": "string", + "description": "The file hash value.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "Flag": { + "type": "string", + "description": "The boolean value the metadata is for.", + "enum": [ + "true", + "false" + ], + "x-ms-enum": { + "name": "Flag", + "modelAsString": true, + "values": [ + { + "name": "true", + "value": "true", + "description": "true" + }, + { + "name": "false", + "value": "false", + "description": "false" + } + ] + } + }, + "FusionAlertRule": { + "type": "object", + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "type": "object", + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule.", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule.", + "readOnly": true + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert has been modified.", + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ] + }, + "FusionAlertRuleTemplate": { + "type": "object", + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "type": "object", + "description": "Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template was last updated.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + } + } + }, + "GCPAuthModel": { + "type": "object", + "description": "Model for API authentication for all GCP kind connectors.", + "properties": { + "serviceAccountEmail": { + "type": "string", + "description": "GCP Service Account Email" + }, + "projectNumber": { + "type": "string", + "description": "GCP Project Number" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "GCP Workload Identity Provider ID" + } + }, + "required": [ + "serviceAccountEmail", + "projectNumber", + "workloadIdentityProviderId" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "GCP" + }, + "GenericBlobSbsAuthModel": { + "type": "object", + "description": "Model for API authentication for working with service bus or storage account.", + "properties": { + "credentialsConfig": { + "type": "object", + "description": "Credentials for service bus namespace, keyvault uri for access key", + "additionalProperties": { + "type": "string" + } + }, + "storageAccountCredentialsConfig": { + "type": "object", + "description": "Credentials for storage account, keyvault uri for access key", + "additionalProperties": { + "type": "string" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "ServiceBus" + }, + "GeoLocation": { + "type": "object", + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "type": "integer", + "format": "int32", + "description": "Autonomous System Number", + "readOnly": true + }, + "city": { + "type": "string", + "description": "City name", + "readOnly": true + }, + "countryCode": { + "type": "string", + "description": "The country code according to ISO 3166 format", + "readOnly": true + }, + "countryName": { + "type": "string", + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true + }, + "latitude": { + "type": "number", + "format": "double", + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90. Latitude and longitude are derived from the city or postal code.", + "readOnly": true + }, + "longitude": { + "type": "number", + "format": "double", + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180. Latitude and longitude are derived from the city or postal code.", + "readOnly": true + }, + "state": { + "type": "string", + "description": "State name", + "readOnly": true + } + } + }, + "GitHubAuthModel": { + "type": "object", + "description": "Model for API authentication for GitHub. For this authentication first we need to approve the Router app (Microsoft Security DevOps) to access the GitHub account, Then we only need the InstallationId to get the access token from https://api.github.com/app/installations/{installId}/access_tokens.", + "properties": { + "installationId": { + "type": "string", + "description": "The GitHubApp auth installation id." + } + }, + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "GitHub" + }, + "GitHubResourceInfo": { + "type": "object", + "description": "Resources created in GitHub repository.", + "properties": { + "appInstallationId": { + "type": "string", + "description": "GitHub application installation id." + } + } + }, + "GraphQuery": { + "type": "object", + "description": "The graph query to show the volume of data arriving into the workspace over time.", + "properties": { + "metricName": { + "type": "string", + "description": "Gets or sets the metric name that the query is checking. For example: 'Total data receive'." + }, + "legend": { + "type": "string", + "description": "Gets or sets the legend for the graph." + }, + "baseQuery": { + "type": "string", + "description": "Gets or sets the base query for the graph.\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time." + } + }, + "required": [ + "metricName", + "legend", + "baseQuery" + ] + }, + "GroupingConfiguration": { + "type": "object", + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Grouping enabled" + }, + "reopenClosedIncident": { + "type": "boolean", + "description": "Re-open closed matching incidents" + }, + "lookbackDuration": { + "type": "string", + "format": "duration", + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)" + }, + "matchingMethod": { + "$ref": "#/definitions/MatchingMethod", + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty." + }, + "groupByEntities": { + "type": "array", + "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", + "items": { + "$ref": "#/definitions/EntityMappingType" + } + }, + "groupByAlertDetails": { + "type": "array", + "description": "A list of alert details to group by (when matchingMethod is Selected)", + "items": { + "$ref": "#/definitions/AlertDetail" + } + }, + "groupByCustomDetails": { + "type": "array", + "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", + "items": { + "type": "string" + } + } + }, + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "matchingMethod" + ] + }, + "HostEntity": { + "type": "object", + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "type": "object", + "description": "Host entity property bag.", + "properties": { + "azureID": { + "type": "string", + "description": "The azure resource id of the VM.", + "readOnly": true + }, + "dnsDomain": { + "type": "string", + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true + }, + "hostName": { + "type": "string", + "description": "The hostname without the domain suffix.", + "readOnly": true + }, + "isDomainJoined": { + "type": "boolean", + "description": "Determines whether this host belongs to a domain.", + "readOnly": true + }, + "netBiosName": { + "type": "string", + "description": "The host name (pre-windows2000).", + "readOnly": true + }, + "ntDomain": { + "type": "string", + "description": "The NT domain that this host belongs to.", + "readOnly": true + }, + "omsAgentID": { + "type": "string", + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true + }, + "osFamily": { + "$ref": "#/definitions/OSFamily", + "description": "The operating system type." + }, + "osVersion": { + "type": "string", + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "HttpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "HttpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, + "HuntingBookmark": { + "type": "object", + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "type": "object", + "description": "Describes bookmark properties", + "properties": { + "created": { + "type": "string", + "format": "date-time", + "description": "The time the bookmark was created" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "displayName": { + "type": "string", + "description": "The display name of the bookmark" + }, + "eventTime": { + "type": "string", + "format": "date-time", + "description": "The time of the event" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this bookmark", + "items": { + "type": "string" + } + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "query": { + "type": "string", + "description": "The query of the bookmark." + }, + "queryResult": { + "type": "string", + "description": "The query result of the bookmark." + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the bookmark was updated" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark" + } + }, + "required": [ + "displayName", + "query" + ], + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "Incident": { + "type": "object", + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentAdditionalData": { + "type": "object", + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "type": "integer", + "format": "int32", + "description": "The number of alerts in the incident", + "readOnly": true + }, + "bookmarksCount": { + "type": "integer", + "format": "int32", + "description": "The number of bookmarks in the incident", + "readOnly": true + }, + "commentsCount": { + "type": "integer", + "format": "int32", + "description": "The number of comments in the incident", + "readOnly": true + }, + "alertProductNames": { + "type": "array", + "description": "List of product names of alerts in the incident", + "items": { + "type": "string" + }, + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "providerIncidentUrl": { + "type": "string", + "description": "The provider incident url to the incident in Microsoft 365 Defender portal", + "readOnly": true + } + } + }, + "IncidentAlertList": { + "type": "object", + "description": "List of incident alerts.", + "properties": { + "value": { + "type": "array", + "description": "Array of incident alerts.", + "items": { + "$ref": "#/definitions/SecurityAlert" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "type": "object", + "description": "List of incident bookmarks.", + "properties": { + "value": { + "type": "array", + "description": "Array of incident bookmarks.", + "items": { + "$ref": "#/definitions/HuntingBookmark" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "IncidentClassification": { + "type": "string", + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "x-ms-enum": { + "name": "IncidentClassification", + "modelAsString": true, + "values": [ + { + "name": "Undetermined", + "value": "Undetermined", + "description": "Incident classification was undetermined" + }, + { + "name": "TruePositive", + "value": "TruePositive", + "description": "Incident was true positive" + }, + { + "name": "BenignPositive", + "value": "BenignPositive", + "description": "Incident was benign positive" + }, + { + "name": "FalsePositive", + "value": "FalsePositive", + "description": "Incident was false positive" + } + ] + } + }, + "IncidentClassificationReason": { + "type": "string", + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "x-ms-enum": { + "name": "IncidentClassificationReason", + "modelAsString": true, + "values": [ + { + "name": "SuspiciousActivity", + "value": "SuspiciousActivity", + "description": "Classification reason was suspicious activity" + }, + { + "name": "SuspiciousButExpected", + "value": "SuspiciousButExpected", + "description": "Classification reason was suspicious but expected" + }, + { + "name": "IncorrectAlertLogic", + "value": "IncorrectAlertLogic", + "description": "Classification reason was incorrect alert logic" + }, + { + "name": "InaccurateData", + "value": "InaccurateData", + "description": "Classification reason was inaccurate data" + } + ] + } + }, + "IncidentComment": { + "type": "object", + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentCommentList": { + "type": "object", + "description": "List of incident comments.", + "properties": { + "value": { + "type": "array", + "description": "The IncidentComment items on this page", + "items": { + "$ref": "#/definitions/IncidentComment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "type": "object", + "description": "Incident comment property bag.", + "properties": { + "message": { + "type": "string", + "description": "The comment message" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the comment was created", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the comment was updated", + "readOnly": true + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true + } + }, + "required": [ + "message" + ] + }, + "IncidentConfiguration": { + "type": "object", + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "type": "boolean", + "description": "Create incidents from alerts triggered by this analytics rule" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "required": [ + "createIncident" + ] + }, + "IncidentEntitiesResponse": { + "type": "object", + "description": "The incident related entities response.", + "properties": { + "entities": { + "type": "array", + "description": "Array of the incident related entities.", + "items": { + "$ref": "#/definitions/Entity" + }, + "x-ms-identifiers": [] + }, + "metaData": { + "type": "array", + "description": "The metadata from the incident related entities results.", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + }, + "x-ms-identifiers": [] + } + } + }, + "IncidentEntitiesResultsMetadata": { + "type": "object", + "description": "Information of a specific aggregation in the incident related entities result.", + "properties": { + "entityKind": { + "$ref": "#/definitions/EntityKindEnum", + "description": "The kind of the aggregated entity." + }, + "count": { + "type": "integer", + "format": "int32", + "description": "Total number of aggregations of the given kind in the incident related entities result." + } + }, + "required": [ + "entityKind", + "count" + ] + }, + "IncidentInfo": { + "type": "object", + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "type": "string", + "description": "Incident Id" + }, + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "title": { + "type": "string", + "description": "The title of the incident" + }, + "relationName": { + "type": "string", + "description": "Relation Name" + } + } + }, + "IncidentLabel": { + "type": "object", + "description": "Represents an incident label", + "properties": { + "labelName": { + "type": "string", + "description": "The name of the label" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType", + "description": "The type of the label", + "readOnly": true + } + }, + "required": [ + "labelName" + ] + }, + "IncidentLabelType": { + "type": "string", + "description": "The type of the label", + "enum": [ + "User", + "AutoAssigned" + ], + "x-ms-enum": { + "name": "IncidentLabelType", + "modelAsString": true, + "values": [ + { + "name": "User", + "value": "User", + "description": "Label manually created by a user" + }, + { + "name": "AutoAssigned", + "value": "AutoAssigned", + "description": "Label automatically created by the system" + } + ] + } + }, + "IncidentList": { + "type": "object", + "description": "List all the incidents.", + "properties": { + "value": { + "type": "array", + "description": "The Incident items on this page", + "items": { + "$ref": "#/definitions/Incident" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentOwnerInfo": { + "type": "object", + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "type": "string", + "description": "The email of the user the incident is assigned to." + }, + "assignedTo": { + "type": "string", + "description": "The name of the user the incident is assigned to." + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the user the incident is assigned to." + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the user the incident is assigned to." + }, + "ownerType": { + "$ref": "#/definitions/OwnerType", + "description": "The type of the owner the incident is assigned to." + } + } + }, + "IncidentProperties": { + "type": "object", + "description": "Describes incident properties", + "properties": { + "title": { + "type": "string", + "description": "The title of the incident" + }, + "description": { + "type": "string", + "description": "The description of the incident" + }, + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "#/definitions/IncidentStatus", + "description": "The status of the incident" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason", + "description": "The classification reason the incident was closed with" + }, + "classificationComment": { + "type": "string", + "description": "Describes the reason the incident was closed" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "x-ms-identifiers": [] + }, + "firstActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the first activity in the incident" + }, + "lastActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the last activity in the incident" + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the incident was updated", + "readOnly": true + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the incident was created", + "readOnly": true + }, + "incidentNumber": { + "type": "integer", + "format": "int32", + "description": "A sequential number", + "readOnly": true + }, + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true + }, + "relatedAnalyticRuleIds": { + "type": "array", + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "type": "string", + "format": "arm-id", + "description": "Related Analytic rule resource id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "scopes": [ + "Extension" + ], + "type": "Microsoft.SecurityInsights/alertRules" + } + ] + } + }, + "readOnly": true + }, + "incidentUrl": { + "type": "string", + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true + }, + "providerName": { + "type": "string", + "description": "The name of the source provider that generated the incident", + "readOnly": true + }, + "providerIncidentId": { + "type": "string", + "description": "The incident ID assigned by the incident provider", + "readOnly": true + } + }, + "required": [ + "title", + "severity", + "status" + ] + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "#/definitions/IncidentStatus", + "description": "The status of the incident" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason", + "description": "The classification reason the incident was closed with" + }, + "classificationComment": { + "type": "string", + "description": "Describes the reason the incident was closed." + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Information on the user an incident is assigned to" + }, + "labels": { + "type": "array", + "description": "List of labels to add to the incident.", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "x-ms-identifiers": [ + "labelName" + ] + } + } + }, + "IncidentSeverity": { + "type": "string", + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "x-ms-enum": { + "name": "IncidentSeverity", + "modelAsString": true, + "values": [ + { + "name": "High", + "value": "High", + "description": "High severity" + }, + { + "name": "Medium", + "value": "Medium", + "description": "Medium severity" + }, + { + "name": "Low", + "value": "Low", + "description": "Low severity" + }, + { + "name": "Informational", + "value": "Informational", + "description": "Informational severity" + } + ] + } + }, + "IncidentStatus": { + "type": "string", + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "x-ms-enum": { + "name": "IncidentStatus", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "An active incident which isn't being handled currently" + }, + { + "name": "Active", + "value": "Active", + "description": "An active incident which is being handled" + }, + { + "name": "Closed", + "value": "Closed", + "description": "A non-active incident" + } + ] + } + }, + "IncidentTask": { + "type": "object", + "description": "Describes incident task properties", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentTaskProperties", + "description": "Describes the properties of an incident task", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "IncidentTaskList": { + "type": "object", + "description": "List of incident tasks", + "properties": { + "value": { + "type": "array", + "description": "The IncidentTask items on this page", + "items": { + "$ref": "#/definitions/IncidentTask" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "IncidentTaskProperties": { + "type": "object", + "description": "Describes the properties of an incident task", + "properties": { + "title": { + "type": "string", + "description": "The title of the task" + }, + "description": { + "type": "string", + "description": "The description of the task" + }, + "status": { + "$ref": "#/definitions/IncidentTaskStatus", + "description": "The status of the task" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the task was created", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the task was updated", + "readOnly": true + }, + "createdBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action" + }, + "lastModifiedBy": { + "$ref": "#/definitions/ClientInfo", + "description": "Information on the client (user or application) that made some action" + } + }, + "required": [ + "title", + "status" + ] + }, + "IncidentTaskStatus": { + "type": "string", + "description": "The status of the task", + "enum": [ + "New", + "Completed" + ], + "x-ms-enum": { + "name": "IncidentTaskStatus", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "A new task" + }, + { + "name": "Completed", + "value": "Completed", + "description": "A completed task" + } + ] + } + }, + "InstructionStep": { + "type": "object", + "description": "Instruction steps to enable the connector.", + "properties": { + "title": { + "type": "string", + "description": "Gets or sets the instruction step title." + }, + "description": { + "type": "string", + "description": "Gets or sets the instruction step description." + }, + "instructions": { + "type": "array", + "description": "Gets or sets the instruction step details.", + "items": { + "$ref": "#/definitions/InstructionStepDetails" + }, + "x-ms-identifiers": [] + }, + "innerSteps": { + "type": "array", + "description": "Gets or sets the inner instruction steps details.\nFor Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepDetails": { + "type": "object", + "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", + "properties": { + "parameters": { + "description": "Gets or sets the instruction type parameters settings." + }, + "type": { + "type": "string", + "description": "Gets or sets the instruction type name." + } + }, + "required": [ + "parameters", + "type" + ] + }, + "IoTDeviceEntity": { + "type": "object", + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "type": "object", + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "type": "string", + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true + }, + "deviceName": { + "type": "string", + "description": "The friendly name of the device", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source of the device", + "readOnly": true + }, + "iotSecurityAgentId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The ID of the security agent running on the device", + "readOnly": true + }, + "deviceType": { + "type": "string", + "description": "The type of the device", + "readOnly": true + }, + "vendor": { + "type": "string", + "description": "The vendor of the device", + "readOnly": true + }, + "edgeId": { + "type": "string", + "description": "The ID of the edge device", + "readOnly": true + }, + "macAddress": { + "type": "string", + "description": "The MAC address of the device", + "readOnly": true + }, + "model": { + "type": "string", + "description": "The model of the device", + "readOnly": true + }, + "serialNumber": { + "type": "string", + "description": "The serial number of the device", + "readOnly": true + }, + "firmwareVersion": { + "type": "string", + "description": "The firmware version of the device", + "readOnly": true + }, + "operatingSystem": { + "type": "string", + "description": "The operating system of the device", + "readOnly": true + }, + "iotHubEntityId": { + "type": "string", + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true + }, + "hostEntityId": { + "type": "string", + "description": "The Host entity id of this device", + "readOnly": true + }, + "ipAddressEntityId": { + "type": "string", + "description": "The IP entity if of this device", + "readOnly": true + }, + "threatIntelligence": { + "type": "array", + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/threatIntelligence" + }, + "readOnly": true, + "x-ms-identifiers": [] + }, + "protocols": { + "type": "array", + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "IpEntity": { + "type": "object", + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "type": "object", + "description": "Ip entity property bag.", + "properties": { + "address": { + "type": "string", + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity", + "readOnly": true + }, + "threatIntelligence": { + "type": "array", + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "#/definitions/threatIntelligence" + }, + "readOnly": true, + "x-ms-identifiers": [] + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "JwtAuthModel": { + "type": "object", + "description": "Model for API authentication with JWT. Simple exchange between user name + password to access token.", + "properties": { + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint to request JWT" + }, + "userName": { + "type": "object", + "description": "The user name. If user name and password sent in header request we only need to populate the `value` property with the user name (Same as basic auth). If user name and password sent in body request we need to specify the `Key` and `Value`.", + "additionalProperties": { + "type": "string" + } + }, + "password": { + "type": "object", + "format": "password", + "description": "The password", + "additionalProperties": { + "type": "string" + }, + "x-ms-secret": true + }, + "queryParameters": { + "type": "object", + "description": "The custom query parameter we want to add once we send request to token endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "headers": { + "type": "object", + "description": "The custom headers we want to add once we send request to token endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "isCredentialsInHeaders": { + "type": "boolean", + "description": "Flag indicating whether we want to send the user name and password to token endpoint in the headers.", + "x-nullable": true + }, + "isJsonRequest": { + "type": "boolean", + "description": "Flag indicating whether the body request is JSON (header Content-Type = application/json), meaning its a Form URL encoded request (header Content-Type = application/x-www-form-urlencoded).", + "default": false, + "x-nullable": true + }, + "requestTimeoutInSeconds": { + "type": "integer", + "format": "int32", + "description": "Request timeout in seconds.", + "default": 100, + "maximum": 180 + } + }, + "required": [ + "tokenEndpoint", + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "JwtToken" + }, + "KillChainIntent": { + "type": "string", + "description": "The intent of the alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "x-ms-enum": { + "name": "KillChainIntent", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "The default value." + }, + { + "name": "Probing", + "value": "Probing", + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in." + }, + { + "name": "Exploitation", + "value": "Exploitation", + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage." + }, + { + "name": "Persistence", + "value": "Persistence", + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access." + }, + { + "name": "PrivilegeEscalation", + "value": "PrivilegeEscalation", + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege." + }, + { + "name": "DefenseEvasion", + "value": "DefenseEvasion", + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation." + }, + { + "name": "CredentialAccess", + "value": "CredentialAccess", + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment." + }, + { + "name": "Discovery", + "value": "Discovery", + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase." + }, + { + "name": "LateralMovement", + "value": "LateralMovement", + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect." + }, + { + "name": "Execution", + "value": "Execution", + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network." + }, + { + "name": "Collection", + "value": "Collection", + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate." + }, + { + "name": "Exfiltration", + "value": "Exfiltration", + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate." + }, + { + "name": "CommandAndControl", + "value": "CommandAndControl", + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network." + }, + { + "name": "Impact", + "value": "Impact", + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others." + } + ] + } + }, + "Kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule" + ], + "x-ms-enum": { + "name": "Kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + } + ] + } + }, + "MCASDataConnector": { + "type": "object", + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ] + }, + "MCASDataConnectorProperties": { + "type": "object", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MDATPDataConnector": { + "type": "object", + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "type": "object", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "required": [ + "tenantId" + ] + }, + "MSTIDataConnector": { + "type": "object", + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "microsoftEmergingThreatFeed": { + "$ref": "#/definitions/MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed", + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + } + }, + "required": [ + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "type": "object", + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "MailClusterEntity": { + "type": "object", + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "type": "object", + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "type": "array", + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "type": "string" + }, + "readOnly": true + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true + }, + "threats": { + "type": "array", + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "type": "string" + }, + "readOnly": true + }, + "query": { + "type": "string", + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true + }, + "queryTime": { + "type": "string", + "format": "date-time", + "description": "The query time", + "readOnly": true + }, + "mailCount": { + "type": "integer", + "format": "int32", + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true + }, + "isVolumeAnomaly": { + "type": "boolean", + "description": "Is this a volume anomaly mail cluster", + "readOnly": true + }, + "source": { + "type": "string", + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true + }, + "clusterSourceIdentifier": { + "type": "string", + "description": "The id of the cluster source", + "readOnly": true + }, + "clusterSourceType": { + "type": "string", + "description": "The type of the cluster source", + "readOnly": true + }, + "clusterQueryStartTime": { + "type": "string", + "format": "date-time", + "description": "The cluster query start time", + "readOnly": true + }, + "clusterQueryEndTime": { + "type": "string", + "format": "date-time", + "description": "The cluster query end time", + "readOnly": true + }, + "clusterGroup": { + "type": "string", + "description": "The cluster group", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MailMessageEntity": { + "type": "object", + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "type": "object", + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "type": "array", + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true + }, + "recipient": { + "type": "string", + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true + }, + "urls": { + "type": "array", + "description": "The Urls contained in this mail message", + "items": { + "type": "string" + }, + "readOnly": true + }, + "threats": { + "type": "array", + "description": "The threats of this mail message", + "items": { + "type": "string" + }, + "readOnly": true + }, + "p1Sender": { + "type": "string", + "description": "The p1 sender's email address", + "readOnly": true + }, + "p1SenderDisplayName": { + "type": "string", + "description": "The p1 sender's display name", + "readOnly": true + }, + "p1SenderDomain": { + "type": "string", + "description": "The p1 sender's domain", + "readOnly": true + }, + "senderIP": { + "type": "string", + "description": "The sender's IP address", + "readOnly": true + }, + "p2Sender": { + "type": "string", + "description": "The p2 sender's email address", + "readOnly": true + }, + "p2SenderDisplayName": { + "type": "string", + "description": "The p2 sender's display name", + "readOnly": true + }, + "p2SenderDomain": { + "type": "string", + "description": "The p2 sender's domain", + "readOnly": true + }, + "receiveDate": { + "type": "string", + "format": "date-time", + "description": "The receive date of this message", + "readOnly": true + }, + "networkMessageId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The network message id of this mail message", + "readOnly": true + }, + "internetMessageId": { + "type": "string", + "description": "The internet message id of this mail message", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "The subject of this mail message", + "readOnly": true + }, + "language": { + "type": "string", + "description": "The language of this mail message", + "readOnly": true + }, + "threatDetectionMethods": { + "type": "array", + "description": "The threat detection methods", + "items": { + "type": "string" + }, + "readOnly": true + }, + "bodyFingerprintBin1": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin1" + }, + "bodyFingerprintBin2": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin2" + }, + "bodyFingerprintBin3": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin3" + }, + "bodyFingerprintBin4": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin4" + }, + "bodyFingerprintBin5": { + "type": "integer", + "format": "int32", + "description": "The bodyFingerprintBin5" + }, + "antispamDirection": { + "$ref": "#/definitions/AntispamMailDirection", + "description": "The directionality of this mail message" + }, + "deliveryAction": { + "$ref": "#/definitions/DeliveryAction", + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc" + }, + "deliveryLocation": { + "$ref": "#/definitions/DeliveryLocation", + "description": "The delivery location of this mail message like Inbox, JunkFolder etc" + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MailboxEntity": { + "type": "object", + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "type": "object", + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "type": "string", + "description": "The mailbox's primary address", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The mailbox's display name", + "readOnly": true + }, + "upn": { + "type": "string", + "description": "The mailbox's UPN", + "readOnly": true + }, + "externalDirectoryObjectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "MalwareEntity": { + "type": "object", + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "type": "object", + "description": "Malware entity property bag.", + "properties": { + "category": { + "type": "string", + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true + }, + "fileEntityIds": { + "type": "array", + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "type": "string" + }, + "readOnly": true + }, + "malwareName": { + "type": "string", + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true + }, + "processEntityIds": { + "type": "array", + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "type": "string" + }, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ManualTriggerRequestBody": { + "type": "object", + "properties": { + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid" + }, + "logicAppsResourceId": { + "type": "string", + "format": "arm-id", + "description": "Related Analytic rule resource id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + } + }, + "required": [ + "logicAppsResourceId" + ] + }, + "MatchingMethod": { + "type": "string", + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", + "enum": [ + "AllEntities", + "AnyAlert", + "Selected" + ], + "x-ms-enum": { + "name": "MatchingMethod", + "modelAsString": true, + "values": [ + { + "name": "AllEntities", + "value": "AllEntities", + "description": "Grouping alerts into a single incident if all the entities match" + }, + { + "name": "AnyAlert", + "value": "AnyAlert", + "description": "Grouping any alerts triggered by this rule into a single incident" + }, + { + "name": "Selected", + "value": "Selected", + "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match" + } + ] + } + }, + "MetadataDependencyOperator": { + "type": "string", + "description": "Operator used for list of dependencies in criteria array.", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "name": "MetadataDependencyOperator", + "modelAsString": true, + "values": [ + { + "name": "AND", + "value": "AND", + "description": "AND" + }, + { + "name": "OR", + "value": "OR", + "description": "OR" + } + ] + } + }, + "MetadataList": { + "type": "object", + "description": "List of all the metadata.", + "properties": { + "value": { + "type": "array", + "description": "The MetadataModel items on this page", + "items": { + "$ref": "#/definitions/MetadataModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "type": "object", + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + } + }, + "displayNamesExcludeFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + } + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "type": "array", + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + } + } + }, + "required": [ + "productFilter" + ] + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert has been modified.", + "readOnly": true + } + }, + "required": [ + "displayName", + "enabled" + ], + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ] + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "type": "object", + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "type": "object", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "displayNamesFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + } + }, + "displayNamesExcludeFilter": { + "type": "array", + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + } + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "type": "array", + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ] + }, + "MicrosoftSecurityProductName": { + "type": "string", + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT" + ], + "x-ms-enum": { + "name": "MicrosoftSecurityProductName", + "modelAsString": true, + "values": [ + { + "name": "Microsoft Cloud App Security", + "value": "Microsoft Cloud App Security", + "description": "Microsoft Cloud App Security" + }, + { + "name": "Azure Security Center", + "value": "Azure Security Center", + "description": "Azure Security Center" + }, + { + "name": "Azure Advanced Threat Protection", + "value": "Azure Advanced Threat Protection", + "description": "Azure Advanced Threat Protection" + }, + { + "name": "Azure Active Directory Identity Protection", + "value": "Azure Active Directory Identity Protection", + "description": "Azure Active Directory Identity Protection" + }, + { + "name": "Azure Security Center for IoT", + "value": "Azure Security Center for IoT", + "description": "Azure Security Center for IoT" + } + ] + } + }, + "MstiDataConnectorDataTypesMicrosoftEmergingThreatFeed": { + "type": "object", + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "lookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." + } + }, + "required": [ + "lookbackPeriod" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "NoneAuthModel": { + "type": "object", + "description": "Model for API authentication with no authentication method - public API.", + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "None" + }, + "OAuthModel": { + "type": "object", + "description": "Model for API authentication with OAuth2.", + "properties": { + "authorizationCode": { + "type": "string", + "format": "password", + "description": "The user's authorization code.", + "x-ms-secret": true + }, + "clientSecret": { + "type": "string", + "format": "password", + "description": "The Application (client) secret that the OAuth provider assigned to your app.", + "x-ms-secret": true + }, + "clientId": { + "type": "string", + "description": "The Application (client) ID that the OAuth provider assigned to your app." + }, + "isCredentialsInHeaders": { + "type": "boolean", + "description": "Indicating whether we want to send the clientId and clientSecret to token endpoint in the headers.", + "default": false, + "x-nullable": true + }, + "scope": { + "type": "string", + "description": "The Application (client) Scope that the OAuth provider assigned to your app." + }, + "redirectUri": { + "type": "string", + "format": "uri", + "description": "The Application redirect url that the user config in the OAuth provider." + }, + "grantType": { + "type": "string", + "description": "The grant type, usually will be 'authorization code'." + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint. Defines the OAuth2 refresh token." + }, + "tokenEndpointHeaders": { + "type": "object", + "description": "The token endpoint headers.", + "additionalProperties": { + "type": "string" + } + }, + "tokenEndpointQueryParameters": { + "type": "object", + "description": "The token endpoint query parameters.", + "additionalProperties": { + "type": "string" + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint." + }, + "authorizationEndpointHeaders": { + "type": "object", + "description": "The authorization endpoint headers.", + "additionalProperties": { + "type": "string" + } + }, + "authorizationEndpointQueryParameters": { + "type": "object", + "description": "The authorization endpoint query parameters.", + "additionalProperties": { + "type": "string" + } + }, + "isJwtBearerFlow": { + "type": "boolean", + "description": "A value indicating whether it's a JWT flow." + }, + "accessTokenPrepend": { + "type": "string", + "description": "Access token prepend. Default is 'Bearer'." + } + }, + "required": [ + "clientSecret", + "clientId", + "grantType", + "tokenEndpoint" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "OAuth2" + }, + "OSFamily": { + "type": "string", + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "x-ms-enum": { + "name": "OSFamily", + "modelAsString": false, + "values": [ + { + "name": "Linux", + "value": "Linux", + "description": "Host with Linux operating system." + }, + { + "name": "Windows", + "value": "Windows", + "description": "Host with Windows operating system." + }, + { + "name": "Android", + "value": "Android", + "description": "Host with Android operating system." + }, + { + "name": "IOS", + "value": "IOS", + "description": "Host with IOS operating system." + }, + { + "name": "Unknown", + "value": "Unknown", + "description": "Host with Unknown operating system." + } + ] + } + }, + "OfficeDataConnector": { + "type": "object", + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesExchange", + "description": "Exchange data type connection." + }, + "sharePoint": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesSharePoint", + "description": "SharePoint data type connection." + }, + "teams": { + "$ref": "#/definitions/OfficeDataConnectorDataTypesTeams", + "description": "Teams data type connection." + } + }, + "required": [ + "exchange", + "sharePoint", + "teams" + ] + }, + "OfficeDataConnectorDataTypesExchange": { + "type": "object", + "description": "Exchange data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorDataTypesSharePoint": { + "type": "object", + "description": "SharePoint data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorDataTypesTeams": { + "type": "object", + "description": "Teams data type connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "OfficeDataConnectorProperties": { + "type": "object", + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "Operation": { + "type": "object", + "description": "Operation provided by provider", + "properties": { + "display": { + "$ref": "#/definitions/OperationDisplay", + "description": "Properties of the operation" + }, + "name": { + "type": "string", + "description": "Name of the operation" + }, + "origin": { + "type": "string", + "description": "The origin of the operation" + }, + "isDataAction": { + "type": "boolean", + "description": "Indicates whether the operation is a data action" + } + } + }, + "OperationDisplay": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "description": { + "type": "string", + "description": "Description of the operation" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + } + } + }, + "OperationsList": { + "type": "object", + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "type": "string", + "description": "URL to fetch the next set of operations.", + "readOnly": true + }, + "value": { + "type": "array", + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "OracleAuthModel": { + "type": "object", + "description": "Model for API authentication for Oracle.", + "properties": { + "tenantId": { + "type": "string", + "description": "Oracle tenant ID" + }, + "userId": { + "type": "string", + "description": "Oracle user ID" + }, + "publicFingerprint": { + "type": "string", + "description": "Public Fingerprint" + }, + "pemFile": { + "type": "string", + "description": "Content of the PRM file" + } + }, + "required": [ + "tenantId", + "userId", + "publicFingerprint", + "pemFile" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Oracle" + }, + "OwnerType": { + "type": "string", + "description": "The type of the owner the hunt is assigned to.", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "name": "OwnerType", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "The hunt owner type is unknown" + }, + { + "name": "User", + "value": "User", + "description": "The hunt owner type is an AAD user" + }, + { + "name": "Group", + "value": "Group", + "description": "The hunt owner type is an AAD group" + } + ] + } + }, + "PackageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "PackageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, + "PlaybookActionProperties": { + "type": "object", + "properties": { + "logicAppResourceId": { + "type": "string", + "format": "arm-id", + "description": "The resource id of the playbook resource.", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.Logic/workflows" + }, + { + "type": "Microsoft.Web/sites" + } + ] + } + }, + "tenantId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The tenant id of the playbook resource." + } + }, + "required": [ + "logicAppResourceId" + ] + }, + "PremiumMdtiDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for Microsoft Defender for Threat Intelligence Premium data connector.", + "properties": { + "connector": { + "$ref": "#/definitions/PremiumMdtiDataConnectorDataTypesConnector", + "description": "Data type for Microsoft Defender for Threat Intelligence Premium data connector." + } + }, + "required": [ + "connector" + ] + }, + "PremiumMdtiDataConnectorDataTypesConnector": { + "type": "object", + "description": "Data type for Microsoft Defender for Threat Intelligence Premium data connector.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "PremiumMdtiDataConnectorProperties": { + "type": "object", + "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", + "properties": { + "lookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported. The date-time to begin importing the feed from, for example: 2024-01-01T00:00:00.000Z." + }, + "requiredSKUsPresent": { + "type": "boolean", + "description": "The flag to indicate whether the tenant has the premium SKU required to access this connector." + }, + "dataTypes": { + "$ref": "#/definitions/PremiumMdtiDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "lookbackPeriod", + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "PremiumMicrosoftDefenderForThreatIntelligence": { + "type": "object", + "description": "Represents Microsoft Defender for Threat Intelligence Premium data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/PremiumMdtiDataConnectorProperties", + "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "PremiumMicrosoftDefenderForThreatIntelligence" + }, + "ProcessEntity": { + "type": "object", + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "type": "object", + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "type": "string", + "description": "The account entity id running the processes.", + "readOnly": true + }, + "commandLine": { + "type": "string", + "description": "The command line used to create the process", + "readOnly": true + }, + "creationTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time when the process started to run", + "readOnly": true + }, + "elevationToken": { + "$ref": "#/definitions/ElevationToken", + "description": "The elevation token associated with the process." + }, + "hostEntityId": { + "type": "string", + "description": "The host entity id on which the process was running", + "readOnly": true + }, + "hostLogonSessionEntityId": { + "type": "string", + "description": "The session entity id in which the process was running", + "readOnly": true + }, + "imageFileEntityId": { + "type": "string", + "description": "Image file entity id", + "readOnly": true + }, + "parentProcessEntityId": { + "type": "string", + "description": "The parent process entity id.", + "readOnly": true + }, + "processId": { + "type": "string", + "description": "The process ID", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "PropertyArrayChangedConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates an array property's value change", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyArrayChanged" + }, + "PropertyArrayConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates an array property's value", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyArray" + }, + "PropertyChangedConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates a property's value change", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "PropertyChanged" + }, + "PropertyConditionProperties": { + "type": "object", + "description": "Describes an automation rule condition that evaluates a property's value", + "properties": { + "conditionProperties": { + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "x-ms-discriminator-value": "Property" + }, + "ProviderPermissionsScope": { + "type": "string", + "description": "The scope on which the user should have permissions, in order to be able to create connections.", + "enum": [ + "Subscription", + "ResourceGroup", + "Workspace" + ], + "x-ms-enum": { + "name": "ProviderPermissionsScope", + "modelAsString": true, + "values": [ + { + "name": "Subscription", + "value": "Subscription", + "description": "Subscription" + }, + { + "name": "ResourceGroup", + "value": "ResourceGroup", + "description": "ResourceGroup" + }, + { + "name": "Workspace", + "value": "Workspace", + "description": "Workspace" + } + ] + } + }, + "PullRequest": { + "type": "object", + "description": "Information regarding pull request for protected branches.", + "properties": { + "url": { + "type": "string", + "description": "URL of pull request", + "readOnly": true + }, + "state": { + "$ref": "#/definitions/PullRequestState", + "description": "State of the pull request", + "readOnly": true + } + } + }, + "PullRequestState": { + "type": "string", + "description": "Status of the pull request.", + "enum": [ + "Open", + "Closed" + ], + "x-ms-enum": { + "name": "PullRequestState", + "modelAsString": true, + "values": [ + { + "name": "Open", + "value": "Open", + "description": "Open" + }, + { + "name": "Closed", + "value": "Closed", + "description": "Closed" + } + ] + } + }, + "RegistryHive": { + "type": "string", + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "x-ms-enum": { + "name": "RegistryHive", + "modelAsString": true, + "values": [ + { + "name": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE", + "description": "HKEY_LOCAL_MACHINE" + }, + { + "name": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT", + "description": "HKEY_CLASSES_ROOT" + }, + { + "name": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG", + "description": "HKEY_CURRENT_CONFIG" + }, + { + "name": "HKEY_USERS", + "value": "HKEY_USERS", + "description": "HKEY_USERS" + }, + { + "name": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "name": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA", + "description": "HKEY_PERFORMANCE_DATA" + }, + { + "name": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT", + "description": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "name": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT", + "description": "HKEY_PERFORMANCE_TEXT" + }, + { + "name": "HKEY_A", + "value": "HKEY_A", + "description": "HKEY_A" + }, + { + "name": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER", + "description": "HKEY_CURRENT_USER" + } + ] + } + }, + "RegistryKeyEntity": { + "type": "object", + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "type": "object", + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "$ref": "#/definitions/RegistryHive", + "description": "the hive that holds the registry key.", + "readOnly": true + }, + "key": { + "type": "string", + "description": "The registry key path.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "RegistryValueEntity": { + "type": "object", + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "type": "object", + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "type": "string", + "description": "The registry key entity id.", + "readOnly": true + }, + "valueData": { + "type": "string", + "description": "String formatted representation of the value data.", + "readOnly": true + }, + "valueName": { + "type": "string", + "description": "The registry value name.", + "readOnly": true + }, + "valueType": { + "$ref": "#/definitions/RegistryValueKind", + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "RegistryValueKind": { + "type": "string", + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "x-ms-enum": { + "name": "RegistryValueKind", + "modelAsString": true, + "values": [ + { + "name": "None", + "value": "None", + "description": "None" + }, + { + "name": "Unknown", + "value": "Unknown", + "description": "Unknown value type" + }, + { + "name": "String", + "value": "String", + "description": "String value type" + }, + { + "name": "ExpandString", + "value": "ExpandString", + "description": "ExpandString value type" + }, + { + "name": "Binary", + "value": "Binary", + "description": "Binary value type" + }, + { + "name": "DWord", + "value": "DWord", + "description": "DWord value type" + }, + { + "name": "MultiString", + "value": "MultiString", + "description": "MultiString value type" + }, + { + "name": "QWord", + "value": "QWord", + "description": "QWord value type" + } + ] + } + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "RelationList": { + "type": "object", + "description": "List of relations.", + "properties": { + "value": { + "type": "array", + "description": "The Relation items on this page", + "items": { + "$ref": "#/definitions/Relation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items", + "readOnly": true + } + }, + "required": [ + "value" + ] + }, + "RelationProperties": { + "type": "object", + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "type": "string", + "description": "The resource ID of the related resource" + }, + "relatedResourceName": { + "type": "string", + "description": "The name of the related resource", + "readOnly": true + }, + "relatedResourceType": { + "type": "string", + "description": "The resource type of the related resource", + "readOnly": true + }, + "relatedResourceKind": { + "type": "string", + "description": "The resource kind of the related resource", + "readOnly": true + } + }, + "required": [ + "relatedResourceId" + ] + }, + "Repo": { + "type": "object", + "description": "Represents a repository.", + "properties": { + "url": { + "type": "string", + "description": "The url to access the repository." + }, + "fullName": { + "type": "string", + "description": "The name of the repository." + }, + "installationId": { + "type": "integer", + "format": "int64", + "description": "The installation id of the repository." + }, + "branches": { + "type": "array", + "description": "Array of branches.", + "items": { + "type": "string" + } + } + } + }, + "RepoList": { + "type": "object", + "description": "List all the source controls.", + "properties": { + "value": { + "type": "array", + "description": "The Repo items on this page", + "items": { + "$ref": "#/definitions/Repo" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "RepoType": { + "type": "string", + "description": "The type of repository.", + "enum": [ + "Github", + "AzureDevOps" + ], + "x-ms-enum": { + "name": "RepoType", + "modelAsString": true, + "values": [ + { + "name": "Github", + "value": "Github", + "description": "Github" + }, + { + "name": "AzureDevOps", + "value": "AzureDevOps", + "description": "AzureDevOps" + } + ] + } + }, + "Repository": { + "type": "object", + "description": "metadata of a repository.", + "properties": { + "url": { + "type": "string", + "description": "Url of repository." + }, + "branch": { + "type": "string", + "description": "Branch name of repository." + }, + "displayUrl": { + "type": "string", + "description": "Display url of repository." + }, + "deploymentLogsUrl": { + "type": "string", + "description": "Url to access repository action logs.", + "readOnly": true + } + }, + "required": [ + "url", + "branch" + ] + }, + "RepositoryAccess": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "kind": { + "$ref": "#/definitions/RepositoryAccessKind", + "description": "The kind of repository access credentials" + }, + "code": { + "type": "string", + "format": "password", + "description": "OAuth Code. Required when `kind` is `OAuth`", + "x-ms-secret": true + }, + "state": { + "type": "string", + "format": "password", + "description": "OAuth State. Required when `kind` is `OAuth`", + "x-ms-secret": true + }, + "clientId": { + "type": "string", + "description": "OAuth ClientId. Required when `kind` is `OAuth`" + }, + "token": { + "type": "string", + "format": "password", + "description": "Personal Access Token. Required when `kind` is `PAT`", + "x-ms-secret": true + }, + "installationId": { + "type": "string", + "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." + } + }, + "required": [ + "kind" + ] + }, + "RepositoryAccessKind": { + "type": "string", + "description": "The kind of repository access credentials", + "enum": [ + "OAuth", + "PAT", + "App" + ], + "x-ms-enum": { + "name": "RepositoryAccessKind", + "modelAsString": true, + "values": [ + { + "name": "OAuth", + "value": "OAuth", + "description": "OAuth" + }, + { + "name": "PAT", + "value": "PAT", + "description": "PAT" + }, + { + "name": "App", + "value": "App", + "description": "App" + } + ] + } + }, + "RepositoryAccessObject": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess", + "description": "RepositoryAccess properties", + "x-ms-client-flatten": true + } + }, + "required": [ + "repositoryAccess" + ] + }, + "RepositoryAccessProperties": { + "type": "object", + "description": "Credentials to access repository.", + "properties": { + "properties": { + "$ref": "#/definitions/RepositoryAccessObject", + "description": "RepositoryAccess properties", + "x-ms-client-flatten": true + } + }, + "required": [ + "properties" + ] + }, + "RepositoryResourceInfo": { + "type": "object", + "description": "Resources created in user's repository for the source-control.", + "properties": { + "webhook": { + "$ref": "#/definitions/Webhook", + "description": "The webhook object created for the source-control." + }, + "gitHubResourceInfo": { + "$ref": "#/definitions/GitHubResourceInfo", + "description": "Resources created in GitHub for this source-control.", + "readOnly": true + }, + "azureDevOpsResourceInfo": { + "$ref": "#/definitions/AzureDevOpsResourceInfo", + "description": "Resources created in Azure DevOps for this source-control.", + "readOnly": true + } + } + }, + "ResourceProviderRequiredPermissions": { + "type": "object", + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\nFor more information about the permissions see here.", + "properties": { + "read": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is read action (GET)." + }, + "write": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH)." + }, + "delete": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is delete action (DELETE)." + }, + "action": { + "type": "boolean", + "description": "Gets or sets a value indicating whether the permission is custom actions (POST)." + } + } + }, + "ResourceWithEtag": { + "type": "object", + "description": "An azure resource object with an Etag property", + "properties": { + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" + } + ] + }, + "RestApiPollerDataConnector": { + "type": "object", + "description": "Represents Rest Api Poller data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/RestApiPollerDataConnectorProperties", + "description": "Rest Api Poller data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "RestApiPoller" + }, + "RestApiPollerDataConnectorProperties": { + "type": "object", + "description": "Rest Api Poller data connector properties.", + "properties": { + "connectorDefinitionName": { + "type": "string", + "description": "The connector definition name (the dataConnectorDefinition resource id)." + }, + "auth": { + "$ref": "#/definitions/CcpAuthConfig", + "description": "The a authentication model." + }, + "request": { + "$ref": "#/definitions/RestApiPollerRequestConfig", + "description": "The request configuration." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The DCR related properties." + }, + "isActive": { + "type": "boolean", + "description": "Indicates whether the connector is active or not." + }, + "dataType": { + "type": "string", + "description": "The Log Analytics table destination." + }, + "response": { + "$ref": "#/definitions/CcpResponseConfig", + "description": "The response configuration." + }, + "paging": { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig", + "description": "The paging configuration." + }, + "addOnAttributes": { + "type": "object", + "description": "The add on attributes. The key name will become attribute name (a column) and the value will become the attribute value in the payload.", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "connectorDefinitionName", + "auth", + "request" + ] + }, + "RestApiPollerRequestConfig": { + "type": "object", + "description": "The request configuration.", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "The API endpoint." + }, + "rateLimitQPS": { + "type": "integer", + "format": "int32", + "description": "The Rate limit queries per second for the request..", + "x-nullable": true + }, + "queryWindowInMin": { + "type": "integer", + "format": "int32", + "description": "The query window in minutes for the request.", + "x-nullable": true + }, + "httpMethod": { + "$ref": "#/definitions/HttpMethodVerb", + "description": "The HTTP method, default value GET." + }, + "queryTimeFormat": { + "type": "string", + "description": "The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate what is the expected time format the remote server know to parse." + }, + "retryCount": { + "type": "integer", + "format": "int32", + "description": "The retry count.", + "x-nullable": true + }, + "timeoutInSeconds": { + "type": "integer", + "format": "int32", + "description": "The timeout in seconds.", + "x-nullable": true + }, + "isPostPayloadJson": { + "type": "boolean", + "description": "Flag to indicate if HTTP POST payload is in JSON format (vs form-urlencoded).", + "x-nullable": true + }, + "headers": { + "type": "object", + "description": "The header for the request for the remote server.", + "additionalProperties": { + "type": "string" + } + }, + "queryParameters": { + "type": "object", + "description": "The HTTP query parameters to RESTful API.", + "additionalProperties": {} + }, + "queryParametersTemplate": { + "type": "string", + "description": "the query parameters template. Defines the query parameters template to use when passing query parameters in advanced scenarios." + }, + "startTimeAttributeName": { + "type": "string", + "description": "The query parameter name which the remote server expect to start query. This property goes hand to hand with `endTimeAttributeName`." + }, + "endTimeAttributeName": { + "type": "string", + "description": "The query parameter name which the remote server expect to end query. This property goes hand to hand with `startTimeAttributeName`" + }, + "queryTimeIntervalAttributeName": { + "type": "string", + "description": "The query parameter name which we need to send the server for query logs in time interval. Should be defined with `queryTimeIntervalPrepend` and `queryTimeIntervalDelimiter`" + }, + "queryTimeIntervalPrepend": { + "type": "string", + "description": "The string prepend to the value of the query parameter in `queryTimeIntervalAttributeName`." + }, + "queryTimeIntervalDelimiter": { + "type": "string", + "description": "The delimiter string between 2 QueryTimeFormat in the query parameter `queryTimeIntervalAttributeName`." + } + }, + "required": [ + "apiEndpoint" + ] + }, + "RestApiPollerRequestPagingConfig": { + "type": "object", + "description": "The request paging configuration.", + "properties": { + "pagingType": { + "$ref": "#/definitions/RestApiPollerRequestPagingKind", + "description": "Type of paging" + }, + "pageSize": { + "type": "integer", + "format": "int32", + "description": "Page size" + }, + "pageSizeParameterName": { + "type": "string", + "description": "Page size parameter name" + } + }, + "required": [ + "pagingType" + ] + }, + "RestApiPollerRequestPagingCountBaseConfig": { + "type": "object", + "description": "The request paging configuration for Count base paging type parameters.", + "properties": { + "zeroBasedIndexing": { + "type": "boolean", + "description": "Indicates whether the count is zero based" + }, + "pageCountJsonPath": { + "type": "string", + "description": "JSON path of page count in HTTP response payload" + }, + "pageNumberParaName": { + "type": "string", + "description": "Parameter name of page number in HTTP request" + }, + "pageNumberJsonPath": { + "type": "string", + "description": "JSON path of page number in HTTP response payload" + }, + "totalResultsJsonPath": { + "type": "string", + "description": "JSON path of total number of results in HTTP response payload" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingKind": { + "type": "string", + "description": "Type of paging", + "enum": [ + "LinkHeader", + "NextPageToken", + "NextPageUrl", + "PersistentToken", + "PersistentLinkHeader", + "Offset", + "CountBasedPaging" + ], + "x-ms-enum": { + "name": "RestApiPollerRequestPagingKind", + "modelAsString": true, + "values": [ + { + "name": "LinkHeader", + "value": "LinkHeader", + "description": "LinkHeader" + }, + { + "name": "NextPageToken", + "value": "NextPageToken", + "description": "NextPageToken" + }, + { + "name": "NextPageUrl", + "value": "NextPageUrl", + "description": "NextPageUrl" + }, + { + "name": "PersistentToken", + "value": "PersistentToken", + "description": "PersistentToken" + }, + { + "name": "PersistentLinkHeader", + "value": "PersistentLinkHeader", + "description": "PersistentLinkHeader" + }, + { + "name": "Offset", + "value": "Offset", + "description": "Offset" + }, + { + "name": "CountBasedPaging", + "value": "CountBasedPaging", + "description": "CountBasedPaging" + } + ] + } + }, + "RestApiPollerRequestPagingLinkHeaderConfig": { + "type": "object", + "description": "The request paging configuration for LinkHeader and PersistentLinkHeader paging type parameters.", + "properties": { + "linkHeaderTokenJsonPath": { + "type": "string", + "description": "JSON path of link header token in HTTP response payload" + }, + "linkHeaderRelLinkName": { + "type": "string", + "description": "Rel link name from the link header" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingNextPageUrlConfig": { + "type": "object", + "description": "The request paging configuration for NextPageUrl paging type parameters.", + "properties": { + "nextPageUrl": { + "type": "string", + "description": "Next page URL" + }, + "nextPageUrlQueryParameters": { + "type": "object", + "description": "Query parameters of next page URL", + "additionalProperties": { + "type": "string" + } + }, + "nextPageUrlQueryParametersTemplate": { + "type": "string", + "description": "Paging query parameters in string template format" + }, + "nextPageParaName": { + "type": "string", + "description": "Next page parameter name in HTTP request" + }, + "nextPageRequestHeader": { + "type": "string", + "description": "Next page header name in the request" + }, + "hasNextFlagJsonPath": { + "type": "string", + "description": "JSON path of flag in HTTP response payload to indicate more pages" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingOffsetConfig": { + "type": "object", + "description": "The request paging configuration for Offset paging type parameters.", + "properties": { + "offsetParaName": { + "type": "string", + "description": "Offset parameter name in HTTP request" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "RestApiPollerRequestPagingTokenConfig": { + "type": "object", + "description": "The request paging configuration for NextPageToken and PersistentToken paging type parameters.", + "properties": { + "nextPageTokenJsonPath": { + "type": "string", + "description": "JSON path of next page token in HTTP response payload" + }, + "hasNextFlagJsonPath": { + "type": "string", + "description": "JSON path of flag in HTTP response payload to indicate more pages" + }, + "nextPageTokenResponseHeader": { + "type": "string", + "description": "HTTP response header name of next page token" + }, + "nextPageParaName": { + "type": "string", + "description": "Next page parameter name in HTTP request" + }, + "nextPageRequestHeader": { + "type": "string", + "description": "Next page header name in the request" + } + }, + "allOf": [ + { + "$ref": "#/definitions/RestApiPollerRequestPagingConfig" + } + ] + }, + "ScheduledAlertRule": { + "type": "object", + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "type": "object", + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + } + } + }, + "ScheduledAlertRuleProperties": { + "type": "object", + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "type": "string", + "description": "The Name of the alert rule template used to create this rule." + }, + "templateVersion": { + "type": "string", + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>" + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "displayName": { + "type": "string", + "description": "The display name for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "lastModifiedUtc": { + "type": "string", + "format": "date-time", + "description": "The last time that this alert rule has been modified.", + "readOnly": true + }, + "suppressionDuration": { + "type": "string", + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "suppressionDuration", + "suppressionEnabled" + ], + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ] + }, + "ScheduledAlertRuleTemplate": { + "type": "object", + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleTemplateProperties": { + "type": "object", + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "type": "integer", + "format": "int32", + "description": "The number of alert rules that were created by this template" + }, + "createdDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template has been added.", + "readOnly": true + }, + "lastUpdatedDateUTC": { + "type": "string", + "format": "date-time", + "description": "The time that this alert rule template was last updated.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "The description of the alert rule template." + }, + "displayName": { + "type": "string", + "description": "The display name for alert rule template." + }, + "requiredDataConnectors": { + "type": "array", + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/TemplateStatus", + "description": "The alert rule template status." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + } + }, + "techniques": { + "type": "array", + "description": "The techniques of the alert rule", + "items": { + "type": "string" + } + }, + "version": { + "type": "string", + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>." + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "type": "object", + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "type": "array", + "description": "Array of the entity mappings of the alert rule", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "alertDetailsOverride": { + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + } + } + }, + "SecurityAlert": { + "type": "object", + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "type": "object", + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "type": "string", + "description": "The display name of the alert.", + "readOnly": true + }, + "alertType": { + "type": "string", + "description": "The type name of the alert.", + "readOnly": true + }, + "compromisedEntity": { + "type": "string", + "description": "Display name of the main entity being reported on.", + "readOnly": true + }, + "confidenceLevel": { + "$ref": "#/definitions/ConfidenceLevel", + "description": "The confidence level of this alert.", + "readOnly": true + }, + "confidenceReasons": { + "type": "array", + "description": "The confidence reasons", + "items": { + "$ref": "#/definitions/SecurityAlertPropertiesConfidenceReasonsItem" + }, + "readOnly": true, + "x-ms-identifiers": [] + }, + "confidenceScore": { + "type": "number", + "format": "double", + "description": "The confidence score of the alert.", + "readOnly": true + }, + "confidenceScoreStatus": { + "$ref": "#/definitions/ConfidenceScoreStatus", + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "readOnly": true + }, + "description": { + "type": "string", + "description": "Alert description.", + "readOnly": true + }, + "endTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "readOnly": true + }, + "intent": { + "$ref": "#/definitions/KillChainIntent", + "description": "Holds the alert intent stage(s) mapping for this alert.", + "readOnly": true + }, + "providerAlertId": { + "type": "string", + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true + }, + "processingEndTime": { + "type": "string", + "format": "date-time", + "description": "The time the alert was made available for consumption.", + "readOnly": true + }, + "productComponentName": { + "type": "string", + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true + }, + "productName": { + "type": "string", + "description": "The name of the product which published this alert.", + "readOnly": true + }, + "productVersion": { + "type": "string", + "description": "The version of the product generating the alert.", + "readOnly": true + }, + "remediationSteps": { + "type": "array", + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity of the alert" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "readOnly": true + }, + "status": { + "$ref": "#/definitions/AlertStatus", + "description": "The lifecycle status of the alert.", + "readOnly": true + }, + "systemAlertId": { + "type": "string", + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true + }, + "tactics": { + "type": "array", + "description": "The tactics of the alert", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true + }, + "timeGenerated": { + "type": "string", + "format": "date-time", + "description": "The time the alert was generated.", + "readOnly": true + }, + "vendorName": { + "type": "string", + "description": "The name of the vendor that raise the alert.", + "readOnly": true + }, + "alertLink": { + "type": "string", + "description": "The uri link of the alert.", + "readOnly": true + }, + "resourceIdentifiers": { + "type": "array", + "description": "The list of resource identifiers of the alert.", + "items": {}, + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SecurityAlertPropertiesConfidenceReasonsItem": { + "type": "object", + "description": "confidence reason item", + "properties": { + "reason": { + "type": "string", + "description": "The reason's description", + "readOnly": true + }, + "reasonType": { + "type": "string", + "description": "The type (category) of the reason", + "readOnly": true + } + } + }, + "SecurityGroupEntity": { + "type": "object", + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "type": "object", + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "type": "string", + "description": "The group distinguished name", + "readOnly": true + }, + "objectGuid": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "readOnly": true + }, + "sid": { + "type": "string", + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SecurityMLAnalyticsSetting": { + "type": "object", + "description": "Security ML Analytics Setting", + "properties": { + "kind": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SecurityMLAnalyticsSettingsDataSource": { + "type": "object", + "description": "security ml analytics settings data sources", + "properties": { + "connectorId": { + "type": "string", + "description": "The connector id that provides the following data types" + }, + "dataTypes": { + "type": "array", + "description": "The data types used by the security ml analytics settings", + "items": { + "type": "string" + } + } + } + }, + "SecurityMLAnalyticsSettingsKind": { + "type": "string", + "description": "The kind of security ML analytics settings", + "enum": [ + "Anomaly" + ], + "x-ms-enum": { + "name": "SecurityMLAnalyticsSettingsKind", + "modelAsString": true, + "values": [ + { + "name": "Anomaly", + "value": "Anomaly", + "description": "Anomaly" + } + ] + } + }, + "SecurityMLAnalyticsSettingsList": { + "type": "object", + "description": "List all the SecurityMLAnalyticsSettings", + "properties": { + "value": { + "type": "array", + "description": "The SecurityMLAnalyticsSetting items on this page", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "SentinelOnboardingState": { + "type": "object", + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SentinelOnboardingStateProperties": { + "type": "object", + "description": "The Sentinel onboarding state properties", + "properties": { + "customerManagedKey": { + "type": "boolean", + "description": "Flag that indicates the status of the CMK setting" + } + } + }, + "SentinelOnboardingStatesList": { + "type": "object", + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "type": "array", + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + } + } + }, + "required": [ + "value" + ] + }, + "ServicePrincipal": { + "type": "object", + "description": "Service principal metadata.", + "properties": { + "id": { + "type": "string", + "description": "Id of service principal.", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "Tenant id of service principal.", + "readOnly": true + }, + "appId": { + "type": "string", + "description": "App id of service principal.", + "readOnly": true + }, + "credentialsExpireOn": { + "type": "string", + "format": "date-time", + "description": "Expiration time of service principal credentials." + } + } + }, + "SessionAuthModel": { + "type": "object", + "description": "Model for API authentication with session cookie.", + "properties": { + "userName": { + "type": "object", + "description": "The user name attribute key value.", + "additionalProperties": { + "type": "string" + } + }, + "password": { + "type": "object", + "format": "password", + "description": "The password attribute name.", + "additionalProperties": { + "type": "string" + }, + "x-ms-secret": true + }, + "queryParameters": { + "type": "object", + "description": "Query parameters to session service endpoint.", + "additionalProperties": {} + }, + "isPostPayloadJson": { + "type": "boolean", + "description": "Indicating whether API key is set in HTTP POST payload.", + "x-nullable": true + }, + "headers": { + "type": "object", + "description": "HTTP request headers to session service endpoint.", + "additionalProperties": { + "type": "string" + } + }, + "sessionTimeoutInMinutes": { + "type": "integer", + "format": "int32", + "description": "Session timeout in minutes.", + "x-nullable": true + }, + "sessionIdName": { + "type": "string", + "description": "Session id attribute name from HTTP response header." + }, + "sessionLoginRequestUri": { + "type": "string", + "description": "HTTP request URL to session service endpoint." + } + }, + "required": [ + "userName", + "password" + ], + "allOf": [ + { + "$ref": "#/definitions/CcpAuthConfig" + } + ], + "x-ms-discriminator-value": "Session" + }, + "SettingsStatus": { + "type": "string", + "description": "The anomaly SecurityMLAnalyticsSettings status", + "enum": [ + "Production", + "Flighting" + ], + "x-ms-enum": { + "name": "SettingsStatus", + "modelAsString": true, + "values": [ + { + "name": "Production", + "value": "Production", + "description": "Anomaly settings status in Production mode" + }, + { + "name": "Flighting", + "value": "Flighting", + "description": "Anomaly settings status in Flighting mode" + } + ] + } + }, + "SourceControl": { + "type": "object", + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/SourceControlProperties", + "description": "source control properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "SourceControlList": { + "type": "object", + "description": "List all the source controls.", + "properties": { + "value": { + "type": "array", + "description": "The SourceControl items on this page", + "items": { + "$ref": "#/definitions/SourceControl" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "SourceControlProperties": { + "type": "object", + "description": "Describes source control properties", + "properties": { + "id": { + "type": "string", + "description": "The id (a Guid) of the source control", + "readOnly": true + }, + "version": { + "$ref": "#/definitions/Version", + "description": "The version number associated with the source control", + "readOnly": true + }, + "displayName": { + "type": "string", + "description": "The display name of the source control" + }, + "description": { + "type": "string", + "description": "A description of the source control" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control" + }, + "contentTypes": { + "type": "array", + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + } + }, + "repository": { + "$ref": "#/definitions/Repository", + "description": "Repository metadata." + }, + "servicePrincipal": { + "$ref": "#/definitions/ServicePrincipal", + "description": "Service principal metadata." + }, + "workloadIdentityFederation": { + "$ref": "#/definitions/WorkloadIdentityFederation", + "description": "Workload Identity metadata.", + "readOnly": true + }, + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess", + "description": "Repository access credentials. This is write-only object and it never returns back to a user.", + "x-ms-mutability": [ + "update", + "create" + ] + }, + "repositoryResourceInfo": { + "$ref": "#/definitions/RepositoryResourceInfo", + "description": "Information regarding the resources created in user's repository." + }, + "lastDeploymentInfo": { + "$ref": "#/definitions/DeploymentInfo", + "description": "Information regarding the latest deployment for the source control.", + "readOnly": true + }, + "pullRequest": { + "$ref": "#/definitions/PullRequest", + "description": "Information regarding the pull request of the source control.", + "readOnly": true + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ] + }, + "SourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "SourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "SourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "SourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, + "SubmissionMailEntity": { + "type": "object", + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "type": "object", + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The network message id of email to which submission belongs", + "readOnly": true + }, + "submissionId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The submission id", + "readOnly": true + }, + "submitter": { + "type": "string", + "description": "The submitter", + "readOnly": true + }, + "submissionDate": { + "type": "string", + "format": "date-time", + "description": "The submission date", + "readOnly": true + }, + "timestamp": { + "type": "string", + "format": "date-time", + "description": "The Time stamp when the message is received (Mail)", + "readOnly": true + }, + "recipient": { + "type": "string", + "description": "The recipient of the mail", + "readOnly": true + }, + "sender": { + "type": "string", + "description": "The sender of the mail", + "readOnly": true + }, + "senderIp": { + "type": "string", + "description": "The sender's IP", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "The subject of submission mail", + "readOnly": true + }, + "reportType": { + "type": "string", + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "SupportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "SupportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, + "TIDataConnector": { + "type": "object", + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "type": "object", + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "$ref": "#/definitions/TIDataConnectorDataTypesIndicators", + "description": "Data type for indicators connection." + } + }, + "required": [ + "indicators" + ] + }, + "TIDataConnectorDataTypesIndicators": { + "type": "object", + "description": "Data type for indicators connection.", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ] + }, + "TIDataConnectorProperties": { + "type": "object", + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported.", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ] + }, + "TemplateBaseProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + } + } + }, + "TemplateStatus": { + "type": "string", + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "x-ms-enum": { + "name": "TemplateStatus", + "modelAsString": true, + "values": [ + { + "name": "Installed", + "value": "Installed", + "description": "Alert rule template installed. and can not use more then once" + }, + { + "name": "Available", + "value": "Available", + "description": "Alert rule template is available." + }, + { + "name": "NotAvailable", + "value": "NotAvailable", + "description": "Alert rule template is not available" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "type": "object", + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "type": "array", + "description": "List of tags to be appended.", + "items": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceExternalReference": { + "type": "object", + "description": "Describes external reference", + "properties": { + "description": { + "type": "string", + "description": "External reference description" + }, + "externalId": { + "type": "string", + "description": "External reference ID" + }, + "sourceName": { + "type": "string", + "description": "External reference source name" + }, + "url": { + "type": "string", + "description": "External reference URL" + }, + "hashes": { + "type": "object", + "description": "External reference hashes", + "additionalProperties": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceFilteringCriteria": { + "type": "object", + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "type": "integer", + "format": "int32", + "description": "Page size" + }, + "minConfidence": { + "type": "integer", + "format": "int32", + "description": "Minimum confidence." + }, + "maxConfidence": { + "type": "integer", + "format": "int32", + "description": "Maximum confidence." + }, + "minValidUntil": { + "type": "string", + "description": "Start time for ValidUntil filter." + }, + "maxValidUntil": { + "type": "string", + "description": "End time for ValidUntil filter." + }, + "includeDisabled": { + "type": "boolean", + "description": "Parameter to include/exclude disabled indicators." + }, + "sortBy": { + "type": "array", + "description": "Columns to sort by and sorting order", + "items": { + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "x-ms-identifiers": [] + }, + "sources": { + "type": "array", + "description": "Sources of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "patternTypes": { + "type": "array", + "description": "Pattern types", + "items": { + "type": "string" + } + }, + "threatTypes": { + "type": "array", + "description": "Threat types of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "ids": { + "type": "array", + "description": "Ids of threat intelligence indicators", + "items": { + "type": "string" + } + }, + "keywords": { + "type": "array", + "description": "Keywords for searching threat intelligence indicators", + "items": { + "type": "string" + } + }, + "skipToken": { + "type": "string", + "description": "Skip token." + } + } + }, + "ThreatIntelligenceGranularMarkingModel": { + "type": "object", + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "type": "string", + "description": "Language granular marking model" + }, + "markingRef": { + "type": "integer", + "format": "int32", + "description": "marking reference granular marking model" + }, + "selectors": { + "type": "array", + "description": "granular marking model selectors", + "items": { + "type": "string" + } + } + } + }, + "ThreatIntelligenceIndicatorModel": { + "type": "object", + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceIndicatorProperties": { + "type": "object", + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "type": "array", + "description": "List of tags", + "items": { + "type": "string" + } + }, + "lastUpdatedTimeUtc": { + "type": "string", + "description": "Last updated time in UTC" + }, + "source": { + "type": "string", + "description": "Source of a threat intelligence entity" + }, + "displayName": { + "type": "string", + "description": "Display name of a threat intelligence entity" + }, + "description": { + "type": "string", + "description": "Description of a threat intelligence entity" + }, + "indicatorTypes": { + "type": "array", + "description": "Indicator types of threat intelligence entities", + "items": { + "type": "string" + } + }, + "pattern": { + "type": "string", + "description": "Pattern of a threat intelligence entity" + }, + "patternType": { + "type": "string", + "description": "Pattern type of a threat intelligence entity" + }, + "patternVersion": { + "type": "string", + "description": "Pattern version of a threat intelligence entity" + }, + "killChainPhases": { + "type": "array", + "description": "Kill chain phases", + "items": { + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "x-ms-identifiers": [] + }, + "parsedPattern": { + "type": "array", + "description": "Parsed patterns", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "x-ms-identifiers": [] + }, + "externalId": { + "type": "string", + "description": "External ID of threat intelligence entity" + }, + "createdByRef": { + "type": "string", + "description": "Created by reference of threat intelligence entity" + }, + "defanged": { + "type": "boolean", + "description": "Is threat intelligence entity defanged" + }, + "externalLastUpdatedTimeUtc": { + "type": "string", + "description": "External last updated time in UTC" + }, + "externalReferences": { + "type": "array", + "description": "External References", + "items": { + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "x-ms-identifiers": [] + }, + "granularMarkings": { + "type": "array", + "description": "Granular Markings", + "items": { + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "x-ms-identifiers": [] + }, + "labels": { + "type": "array", + "description": "Labels of threat intelligence entity", + "items": { + "type": "string" + } + }, + "revoked": { + "type": "boolean", + "description": "Is threat intelligence entity revoked" + }, + "confidence": { + "type": "integer", + "format": "int32", + "description": "Confidence of threat intelligence entity" + }, + "objectMarkingRefs": { + "type": "array", + "description": "Threat intelligence entity object marking references", + "items": { + "type": "string" + } + }, + "language": { + "type": "string", + "description": "Language of threat intelligence entity" + }, + "threatTypes": { + "type": "array", + "description": "Threat types", + "items": { + "type": "string" + } + }, + "validFrom": { + "type": "string", + "description": "Valid from" + }, + "validUntil": { + "type": "string", + "description": "Valid until" + }, + "created": { + "type": "string", + "description": "Created by" + }, + "modified": { + "type": "string", + "description": "Modified by" + }, + "extensions": { + "type": "object", + "description": "Extensions map", + "additionalProperties": {} + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "ThreatIntelligenceInformation": { + "type": "object", + "description": "Threat intelligence information object.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "Metadata used by portal/tooling/etc to render different UX experiences for resources of the same type; e.g. ApiApps are a kind of Microsoft.Web/sites type. If supported, the resource provider must validate and persist this value." + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "discriminator": "kind", + "required": [ + "kind" + ], + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "ThreatIntelligenceInformationList": { + "type": "object", + "description": "List of all the threat intelligence information objects.", + "properties": { + "value": { + "type": "array", + "description": "The ThreatIntelligenceInformation items on this page", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceKillChainPhase": { + "type": "object", + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "type": "string", + "description": "Kill chainName name" + }, + "phaseName": { + "type": "string", + "description": "Phase name" + } + } + }, + "ThreatIntelligenceMain": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the ThreatIntelligenceMain", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "readOnly": true + } + }, + "required": [ + "name" + ] + }, + "ThreatIntelligenceMetric": { + "type": "object", + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "type": "string", + "description": "Last updated indicator metric" + }, + "threatTypeMetrics": { + "type": "array", + "description": "Threat type metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + }, + "patternTypeMetrics": { + "type": "array", + "description": "Pattern type metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + }, + "sourceMetrics": { + "type": "array", + "description": "Source metrics", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "x-ms-identifiers": [] + } + } + }, + "ThreatIntelligenceMetricEntity": { + "type": "object", + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "type": "string", + "description": "Metric name" + }, + "metricValue": { + "type": "integer", + "format": "int32", + "description": "Metric value" + } + } + }, + "ThreatIntelligenceMetrics": { + "type": "object", + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceMetric", + "description": "Threat intelligence metrics." + } + } + }, + "ThreatIntelligenceMetricsList": { + "type": "object", + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "type": "array", + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceParsedPattern": { + "type": "object", + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "type": "string", + "description": "Pattern type key" + }, + "patternTypeValues": { + "type": "array", + "description": "Pattern type keys", + "items": { + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "x-ms-identifiers": [] + } + } + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "type": "object", + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "type": "string", + "description": "Type of the value" + }, + "value": { + "type": "string", + "description": "Value of parsed pattern" + } + } + }, + "ThreatIntelligenceResourceInnerKind": { + "type": "string", + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "x-ms-enum": { + "name": "ThreatIntelligenceResourceInnerKind", + "modelAsString": true, + "values": [ + { + "name": "indicator", + "value": "indicator", + "description": "Entity represents threat intelligence indicator in the system." + } + ] + } + }, + "ThreatIntelligenceSortingCriteria": { + "type": "object", + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "type": "string", + "description": "Column name" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + } + }, + "ThreatIntelligenceSortingOrder": { + "type": "string", + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "x-ms-enum": { + "name": "ThreatIntelligenceSortingOrder", + "modelAsString": true, + "values": [ + { + "name": "unsorted", + "value": "unsorted", + "description": "unsorted" + }, + { + "name": "ascending", + "value": "ascending", + "description": "ascending" + }, + { + "name": "descending", + "value": "descending", + "description": "descending" + } + ] + } + }, + "TriggerOperator": { + "type": "string", + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "x-ms-enum": { + "name": "TriggerOperator", + "modelAsString": false, + "values": [ + { + "name": "GreaterThan", + "value": "GreaterThan", + "description": "GreaterThan" + }, + { + "name": "LessThan", + "value": "LessThan", + "description": "LessThan" + }, + { + "name": "Equal", + "value": "Equal", + "description": "Equal" + }, + { + "name": "NotEqual", + "value": "NotEqual", + "description": "NotEqual" + } + ] + } + }, + "TriggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "TriggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "TriggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "TriggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + }, + "UrlEntity": { + "type": "object", + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "type": "object", + "description": "Url entity property bag.", + "properties": { + "url": { + "type": "string", + "description": "A full URL the entity points to", + "readOnly": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ] + }, + "UserInfo": { + "type": "object", + "description": "User information that made some action", + "properties": { + "email": { + "type": "string", + "description": "The email of the user.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the user.", + "readOnly": true + }, + "objectId": { + "$ref": "#/definitions/Azure.Core.uuid", + "description": "The object id of the user.", + "x-nullable": true + } + } + }, + "Version": { + "type": "string", + "description": "The version of the source control.", + "enum": [ + "V1", + "V2" + ], + "x-ms-enum": { + "name": "Version", + "modelAsString": true, + "values": [ + { + "name": "V1", + "value": "V1", + "description": "V1" + }, + { + "name": "V2", + "value": "V2", + "description": "V2" + } + ] + } + }, + "Warning": { + "type": "object", + "description": "Warning response structure.", + "properties": { + "warning": { + "$ref": "#/definitions/WarningBody", + "description": "Warning data.", + "readOnly": true + } + } + }, + "WarningBody": { + "type": "object", + "description": "Warning details.", + "properties": { + "code": { + "$ref": "#/definitions/WarningCode", + "description": "An identifier for the warning. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true + }, + "message": { + "type": "string", + "description": "A message describing the warning, intended to be suitable for display in a user interface.", + "readOnly": true + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/WarningBody" + }, + "readOnly": true, + "x-ms-identifiers": [] + } + } + }, + "WarningCode": { + "type": "string", + "description": "The type of repository.", + "enum": [ + "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", + "SourceControl_DeletedWithWarnings" + ], + "x-ms-enum": { + "name": "WarningCode", + "modelAsString": true, + "values": [ + { + "name": "SourceControlWarning_DeleteServicePrincipal", + "value": "SourceControlWarning_DeleteServicePrincipal", + "description": "SourceControlWarning_DeleteServicePrincipal" + }, + { + "name": "SourceControlWarning_DeletePipelineFromAzureDevOps", + "value": "SourceControlWarning_DeletePipelineFromAzureDevOps", + "description": "SourceControlWarning_DeletePipelineFromAzureDevOps" + }, + { + "name": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "description": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + }, + { + "name": "SourceControlWarning_DeleteRoleAssignment", + "value": "SourceControlWarning_DeleteRoleAssignment", + "description": "SourceControlWarning_DeleteRoleAssignment" + }, + { + "name": "SourceControl_DeletedWithWarnings", + "value": "SourceControl_DeletedWithWarnings", + "description": "SourceControl_DeletedWithWarnings" + } + ] + } + }, + "Watchlist": { + "type": "object", + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WatchlistItem": { + "type": "object", + "description": "Represents a Watchlist Item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "WatchlistItemList": { + "type": "object", + "description": "List all the watchlist items.", + "properties": { + "value": { + "type": "array", + "description": "The WatchlistItem items on this page", + "items": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WatchlistItemProperties": { + "type": "object", + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "type": "string", + "description": "The type of the watchlist item" + }, + "watchlistItemId": { + "type": "string", + "description": "The id (a Guid) of the watchlist item" + }, + "tenantId": { + "type": "string", + "description": "The tenantId to which the watchlist item belongs to" + }, + "isDeleted": { + "type": "boolean", + "description": "A flag that indicates if the watchlist item is deleted or not" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist item was created" + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist item was updated" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping" + } + }, + "required": [ + "itemsKeyValue" + ] + }, + "WatchlistList": { + "type": "object", + "description": "List all the watchlists.", + "properties": { + "value": { + "type": "array", + "description": "The Watchlist items on this page", + "items": { + "$ref": "#/definitions/Watchlist" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "WatchlistProperties": { + "type": "object", + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "type": "string", + "description": "The id (a Guid) of the watchlist" + }, + "displayName": { + "type": "string", + "description": "The display name of the watchlist" + }, + "provider": { + "type": "string", + "description": "The provider of the watchlist" + }, + "source": { + "type": "string", + "description": "The filename of the watchlist, called 'source'" + }, + "sourceType": { + "$ref": "#/definitions/SourceType", + "description": "The sourceType of the watchlist" + }, + "created": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist was created" + }, + "updated": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist was updated" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist" + }, + "description": { + "type": "string", + "description": "A description of the watchlist" + }, + "watchlistType": { + "type": "string", + "description": "The type of the watchlist" + }, + "watchlistAlias": { + "type": "string", + "description": "The alias of the watchlist" + }, + "isDeleted": { + "type": "boolean", + "description": "A flag that indicates if the watchlist is deleted or not" + }, + "labels": { + "type": "array", + "description": "List of labels relevant to this watchlist", + "items": { + "type": "string" + } + }, + "defaultDuration": { + "type": "string", + "format": "duration", + "description": "The default duration of a watchlist (in ISO 8601 duration format)" + }, + "tenantId": { + "type": "string", + "description": "The tenantId where the watchlist belongs to" + }, + "numberOfLinesToSkip": { + "type": "integer", + "format": "int32", + "description": "The number of lines in a csv/tsv content to skip before the header" + }, + "rawContent": { + "type": "string", + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint" + }, + "itemsSearchKey": { + "type": "string", + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address." + }, + "contentType": { + "type": "string", + "description": "The content type of the raw content. Example : text/csv or text/tsv" + }, + "uploadStatus": { + "type": "string", + "description": "The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted" + }, + "provisioningState": { + "$ref": "#/definitions/WatchlistProvisioningState", + "description": "Describes provisioning state", + "readOnly": true + } + }, + "required": [ + "displayName", + "provider", + "itemsSearchKey" + ] + }, + "WatchlistProvisioningState": { + "type": "string", + "description": "The provisioning state of the watchlist", + "enum": [ + "New", + "InProgress", + "Uploading", + "Deleting", + "Succeeded", + "Failed", + "Canceled" + ], + "x-ms-enum": { + "name": "WatchlistProvisioningState", + "modelAsString": true, + "values": [ + { + "name": "New", + "value": "New", + "description": "New" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + }, + { + "name": "Uploading", + "value": "Uploading", + "description": "Uploading" + }, + { + "name": "Deleting", + "value": "Deleting", + "description": "Deleting" + }, + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + } + ] + } + }, + "Webhook": { + "type": "object", + "description": "Detail about the webhook object.", + "properties": { + "webhookId": { + "type": "string", + "description": "Unique identifier for the webhook.", + "readOnly": true + }, + "webhookUrl": { + "type": "string", + "description": "URL that gets invoked by the webhook.", + "readOnly": true + }, + "webhookSecretUpdateTime": { + "type": "string", + "format": "date-time", + "description": "Time when the webhook secret was updated.", + "readOnly": true + }, + "rotateWebhookSecret": { + "type": "boolean", + "description": "A flag to instruct the backend service to rotate webhook secret." + } + } + }, + "WorkloadIdentityFederation": { + "type": "object", + "description": "Workload Identity Federation metadata.", + "properties": { + "id": { + "type": "string", + "description": "Id of Workload Identity Federation.", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "Tenant id of Workload Identity Federation.", + "readOnly": true + }, + "appId": { + "type": "string", + "description": "App id of Workload Identity Federation.", + "readOnly": true + }, + "subject": { + "type": "string", + "description": "Subject of Workload Identity Federation.", + "readOnly": true + }, + "issuer": { + "type": "string", + "description": "Issuer of Workload Identity Federation.", + "readOnly": true + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/Kind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "metadataPatch": { + "type": "object", + "description": "Metadata patch request body.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ] + }, + "metadataProperties": { + "type": "object", + "description": "Metadata property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId." + }, + "parentId": { + "type": "string", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "type": "array", + "description": "Providers for the solution content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date of solution content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date of solution content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + } + }, + "required": [ + "parentId", + "kind" + ] + }, + "metadataPropertiesPatch": { + "type": "object", + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId." + }, + "parentId": { + "type": "string", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "type": "array", + "description": "Providers for the solution content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date of solution content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date of solution content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + } + } + }, + "metadataSource": { + "type": "object", + "description": "The original source of the content item, where it comes from.", + "properties": { + "kind": { + "$ref": "#/definitions/SourceKind", + "description": "Source type of the content" + }, + "name": { + "type": "string", + "description": "Name of the content source. The repo name, solution name, LA workspace name etc." + }, + "sourceId": { + "type": "string", + "description": "ID of the content source. The solution ID, workspace ID, etc" + } + }, + "required": [ + "kind" + ] + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "properties": { + "tier": { + "$ref": "#/definitions/SupportTier", + "description": "Type of support for content item" + }, + "name": { + "type": "string", + "description": "Name of the support contact. Company or person." + }, + "email": { + "type": "string", + "description": "Email of support contact" + }, + "link": { + "type": "string", + "description": "Link for support help, like to support page to open a ticket etc." + } + }, + "required": [ + "tier" + ] + }, + "packageBaseProperties": { + "type": "object", + "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "type": "string", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is among the featured list." + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "description": { + "type": "string", + "description": "The description of the package" + }, + "publisherDisplayName": { + "type": "string", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "type": "array", + "description": "Providers for the package item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date package item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + } + }, + "packageList": { + "type": "object", + "description": "List available packages.", + "properties": { + "value": { + "type": "array", + "description": "The PackageModel items on this page", + "items": { + "$ref": "#/definitions/packageModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "packageModel": { + "type": "object", + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/packageProperties", + "description": "package properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "packageProperties": { + "type": "object", + "description": "Describes package properties", + "allOf": [ + { + "$ref": "#/definitions/packageBaseProperties" + } + ] + }, + "productPackageAdditionalProperties": { + "type": "object", + "description": "product package additional properties", + "properties": { + "installedVersion": { + "type": "string", + "description": "The version of the installed package, null or absent means not installed." + }, + "metadataResourceId": { + "type": "string", + "format": "arm-id", + "description": "The metadata resource id." + }, + "packagedContent": { + "description": "The json of the ARM template to deploy. Expandable." + } + } + }, + "productPackageList": { + "type": "object", + "description": "List available packages.", + "properties": { + "value": { + "type": "array", + "description": "The ProductPackageModel items on this page", + "items": { + "$ref": "#/definitions/productPackageModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "productPackageModel": { + "type": "object", + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/productPackageProperties", + "description": "package properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "productPackageProperties": { + "type": "object", + "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "type": "string", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this package is among the featured list." + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "description": { + "type": "string", + "description": "The description of the package" + }, + "publisherDisplayName": { + "type": "string", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "type": "array", + "description": "Providers for the package item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date package item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "installedVersion": { + "type": "string", + "description": "The version of the installed package, null or absent means not installed." + }, + "metadataResourceId": { + "type": "string", + "format": "arm-id", + "description": "The metadata resource id." + }, + "packagedContent": { + "description": "The json of the ARM template to deploy. Expandable." + } + } + }, + "productTemplateAdditionalProperties": { + "type": "object", + "description": "additional properties of product template.", + "properties": { + "packagedContent": { + "description": "The json of the ARM template to deploy" + } + } + }, + "productTemplateList": { + "type": "object", + "description": "List of all the template.", + "properties": { + "value": { + "type": "array", + "description": "The ProductTemplateModel items on this page", + "items": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "productTemplateModel": { + "type": "object", + "description": "Template resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/productTemplateProperties", + "description": "template properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "productTemplateProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + }, + "packagedContent": { + "description": "The json of the ARM template to deploy" + } + } + }, + "templateAdditionalProperties": { + "type": "object", + "description": "additional properties of product template.", + "properties": { + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content. Expandable." + }, + "dependantTemplates": { + "type": "array", + "description": "Dependant templates. Expandable.", + "items": { + "$ref": "#/definitions/templateProperties" + }, + "readOnly": true, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "templateList": { + "type": "object", + "description": "List of all the template.", + "properties": { + "value": { + "type": "array", + "description": "The TemplateModel items on this page", + "items": { + "$ref": "#/definitions/templateModel" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "type": "object", + "description": "Template resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/templateProperties", + "description": "template properties", + "x-ms-client-flatten": true + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "templateProperties": { + "type": "object", + "description": "Template property bag.", + "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "type": "array", + "description": "Providers for the content item", + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "type": "string", + "format": "date", + "description": "first publish date content item" + }, + "lastPublishDate": { + "type": "string", + "format": "date", + "description": "last publish date for the content item" + }, + "customVersion": { + "type": "string", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "type": "string", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "type": "string", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "type": "array", + "description": "the tactics the resource covers", + "items": { + "type": "string" + } + }, + "threatAnalysisTechniques": { + "type": "array", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "items": { + "type": "string" + } + }, + "previewImages": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts", + "items": { + "type": "string" + } + }, + "previewImagesDark": { + "type": "array", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "items": { + "type": "string" + } + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/PackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "type": "string", + "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/Flag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content. Expandable." + }, + "dependantTemplates": { + "type": "array", + "description": "Dependant templates. Expandable.", + "items": { + "$ref": "#/definitions/templateProperties" + }, + "readOnly": true, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "threatIntelligence": { + "type": "object", + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "type": "number", + "format": "double", + "description": "Confidence (must be between 0 and 1)", + "readOnly": true + }, + "providerName": { + "type": "string", + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true + }, + "reportLink": { + "type": "string", + "description": "Report link", + "readOnly": true + }, + "threatDescription": { + "type": "string", + "description": "Threat description (free text)", + "readOnly": true + }, + "threatName": { + "type": "string", + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true + }, + "threatType": { + "type": "string", + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true + } + } + } + }, + "parameters": {} +} From a39610deb19ec232497a5cc106700007346089a7 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 14:48:16 +0300 Subject: [PATCH 08/38] Switch stable/2025-09-01 to single openapi.json; delete split files and common/ --- .../SecurityInsights/readme.md | 18 +- .../stable/2025-09-01/AlertRules.json | 1879 -------------- .../stable/2025-09-01/AutomationRules.json | 1555 ----------- .../stable/2025-09-01/Bookmarks.json | 355 --- .../stable/2025-09-01/ContentPackages.json | 319 --- .../2025-09-01/ContentProductPackages.json | 235 -- .../2025-09-01/ContentProductTemplates.json | 226 -- .../stable/2025-09-01/ContentTemplates.json | 353 --- .../stable/2025-09-01/DataConnectors.json | 1882 -------------- .../stable/2025-09-01/Incidents.json | 1677 ------------ .../stable/2025-09-01/Metadata.json | 774 ------ .../stable/2025-09-01/OnboardingStates.json | 284 -- .../SecurityMLAnalyticsSettings.json | 444 ---- .../stable/2025-09-01/SourceControls.json | 1041 -------- .../stable/2025-09-01/ThreatIntelligence.json | 1097 -------- .../stable/2025-09-01/Watchlists.json | 793 ------ .../stable/2025-09-01/common/1.0/types.json | 231 -- .../stable/2025-09-01/common/2.0/types.json | 189 -- .../stable/2025-09-01/common/AlertTypes.json | 70 - .../2025-09-01/common/ContentCommonTypes.json | 666 ----- .../stable/2025-09-01/common/EntityTypes.json | 2287 ----------------- .../2025-09-01/common/IncidentTypes.json | 246 -- .../2025-09-01/dataConnectorDefinitions.json | 706 ----- .../stable/2025-09-01/operations.json | 139 - 24 files changed, 1 insertion(+), 17465 deletions(-) delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AlertRules.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AutomationRules.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Bookmarks.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentPackages.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductPackages.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductTemplates.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentTemplates.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/DataConnectors.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Incidents.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Metadata.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/OnboardingStates.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SecurityMLAnalyticsSettings.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SourceControls.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ThreatIntelligence.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Watchlists.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/2.0/types.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/AlertTypes.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/ContentCommonTypes.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/EntityTypes.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/IncidentTypes.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/dataConnectorDefinitions.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/operations.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md index 1c823d4b97d7..3eb356fd902b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md @@ -38,23 +38,7 @@ These settings apply only when `--tag=package-2025-09-01` is specified on the co ```yaml $(tag) == 'package-2025-09-01' input-file: - - stable/2025-09-01/AlertRules.json - - stable/2025-09-01/AutomationRules.json - - stable/2025-09-01/Bookmarks.json - - stable/2025-09-01/ContentPackages.json - - stable/2025-09-01/ContentProductPackages.json - - stable/2025-09-01/ContentProductTemplates.json - - stable/2025-09-01/ContentTemplates.json - - stable/2025-09-01/dataConnectorDefinitions.json - - stable/2025-09-01/DataConnectors.json - - stable/2025-09-01/Incidents.json - - stable/2025-09-01/Metadata.json - - stable/2025-09-01/OnboardingStates.json - - stable/2025-09-01/operations.json - - stable/2025-09-01/SecurityMLAnalyticsSettings.json - - stable/2025-09-01/SourceControls.json - - stable/2025-09-01/ThreatIntelligence.json - - stable/2025-09-01/Watchlists.json + - stable/2025-09-01/openapi.json suppressions: - code: AvoidAdditionalProperties from: dataConnectors.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AlertRules.json deleted file mode 100644 index 7d75dcc49ebf..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AlertRules.json +++ /dev/null @@ -1,1879 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { - "get": { - "x-ms-examples": { - "Get all alert rules.": { - "$ref": "./examples/alertRules/GetAllAlertRules.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets all alert rules.", - "operationId": "AlertRules_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRulesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { - "get": { - "x-ms-examples": { - "Get a Scheduled alert rule.": { - "$ref": "./examples/alertRules/GetScheduledAlertRule.json" - }, - "Get a Fusion alert rule.": { - "$ref": "./examples/alertRules/GetFusionAlertRule.json" - }, - "Get a MicrosoftSecurityIncidentCreation rule.": { - "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets the alert rule.", - "operationId": "AlertRules_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a Scheduled alert rule.": { - "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" - }, - "Creates or updates a Fusion alert rule.": { - "$ref": "./examples/alertRules/CreateFusionAlertRule.json" - }, - "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { - "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Creates or updates the alert rule.", - "operationId": "AlertRules_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/AlertRule" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an alert rule.": { - "$ref": "./examples/alertRules/DeleteAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Delete the alert rule.", - "operationId": "AlertRules_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { - "get": { - "x-ms-examples": { - "Get all actions of alert rule.": { - "$ref": "./examples/actions/GetAllActionsByAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Gets all actions of alert rule.", - "operationId": "Actions_ListByAlertRule", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionsList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { - "get": { - "x-ms-examples": { - "Get an action of alert rule.": { - "$ref": "./examples/actions/GetActionOfAlertRuleById.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Gets the action of alert rule.", - "operationId": "Actions_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an action of alert rule.": { - "$ref": "./examples/actions/CreateActionOfAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Creates or updates the action of alert rule.", - "operationId": "Actions_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - }, - { - "$ref": "#/parameters/Action" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/ActionResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an action of alert rule.": { - "$ref": "./examples/actions/DeleteActionOfAlertRule.json" - } - }, - "tags": [ - "Actions" - ], - "description": "Delete the action of alert rule.", - "operationId": "Actions_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/ActionId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { - "get": { - "x-ms-examples": { - "Get all alert rule templates.": { - "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" - } - }, - "tags": [ - "Alert Rule Templates" - ], - "description": "Gets all alert rule templates.", - "operationId": "AlertRuleTemplates_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRuleTemplatesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { - "get": { - "x-ms-examples": { - "Get alert rule template by Id.": { - "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" - } - }, - "tags": [ - "Alert Rule Templates" - ], - "description": "Gets the alert rule template.", - "operationId": "AlertRuleTemplates_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/AlertRuleTemplateId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/AlertRuleTemplate" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "ActionsList": { - "description": "List all the actions.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of actions.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of actions.", - "items": { - "$ref": "#/definitions/ActionResponse" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "ActionRequest": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Action for alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/ActionRequestProperties", - "description": "Action properties for put request", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "ActionRequestProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "triggerUri": { - "description": "Logic App Callback URL for this specific workflow.", - "type": "string", - "x-ms-secret": true - } - }, - "required": [ - "triggerUri" - ], - "type": "object" - }, - "ActionResponse": { - "allOf": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" - } - ], - "description": "Action for alert rule.", - "properties": { - "etag": { - "description": "ETag of the action.", - "type": "string" - }, - "properties": { - "$ref": "#/definitions/ActionResponseProperties", - "description": "Action properties for get request", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "ActionResponseProperties": { - "allOf": [ - { - "$ref": "#/definitions/ActionPropertiesBase" - } - ], - "description": "Action property bag.", - "properties": { - "workflowId": { - "description": "The name of the logic app's workflow.", - "type": "string" - } - }, - "type": "object" - }, - "ActionPropertiesBase": { - "description": "Action property bag base.", - "properties": { - "logicAppResourceId": { - "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", - "type": "string" - } - }, - "required": [ - "logicAppResourceId" - ], - "type": "object" - }, - "AlertRule": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Alert rule.", - "discriminator": "kind", - "required": [ - "kind" - ], - "properties": { - "kind": { - "$ref": "#/definitions/AlertRuleKindEnum", - "description": "The alert rule kind" - } - }, - "type": "object" - }, - "AlertRuleKindEnum": { - "description": "The kind of the alert rule", - "enum": [ - "Scheduled", - "MicrosoftSecurityIncidentCreation", - "Fusion" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertRuleKind", - "values": [ - { - "value": "Scheduled" - }, - { - "value": "MicrosoftSecurityIncidentCreation" - }, - { - "value": "Fusion" - } - ] - } - }, - "AlertRuleTemplate": { - "allOf": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" - } - ], - "description": "Alert rule template.", - "discriminator": "kind", - "required": [ - "kind" - ], - "properties": { - "kind": { - "$ref": "#/definitions/AlertRuleKindEnum", - "description": "The alert rule kind", - "type": "string" - } - }, - "type": "object" - }, - "AlertRuleTemplateDataSource": { - "description": "alert rule template data sources", - "properties": { - "connectorId": { - "description": "The connector id that provides the following data types", - "type": "string" - }, - "dataTypes": { - "description": "The data types used by the alert rule template", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "AlertRuleTemplatePropertiesBase": { - "description": "Base alert rule template property bag.", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "The number of alert rules that were created by this template", - "format": "int32", - "type": "integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "lastUpdatedDateUTC": { - "description": "The last time that this alert rule template has been updated.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data sources for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array", - "x-ms-identifiers": [ - "connectorId" - ] - }, - "status": { - "$ref": "#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status." - } - }, - "type": "object" - }, - "AlertRuleTemplateStatus": { - "description": "The alert rule template status.", - "enum": [ - "Installed", - "Available", - "NotAvailable" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "TemplateStatus", - "values": [ - { - "description": "Alert rule template installed. and can not use more then once", - "value": "Installed" - }, - { - "description": "Alert rule template is available.", - "value": "Available" - }, - { - "description": "Alert rule template is not available", - "value": "NotAvailable" - } - ] - } - }, - "AlertRuleTriggerOperator": { - "description": "The operation against the threshold that triggers alert rule.", - "enum": [ - "GreaterThan", - "LessThan", - "Equal", - "NotEqual" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "TriggerOperator" - } - }, - "AlertRulesList": { - "description": "List all the alert rules.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of alert rules.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of alert rules.", - "items": { - "$ref": "#/definitions/AlertRule" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "AlertRuleTemplatesList": { - "description": "List all the alert rule templates.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of alert rule templates.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of alert rule templates.", - "items": { - "$ref": "#/definitions/AlertRuleTemplate" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "FusionAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents Fusion alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/FusionAlertRuleProperties", - "description": "Fusion alert rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Fusion" - }, - "FusionAlertRuleProperties": { - "description": "Fusion alert rule base property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "readOnly": true, - "type": "string" - }, - "displayName": { - "description": "The display name for alerts created by this alert rule.", - "readOnly": true, - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this alert has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "severity": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", - "description": "The severity for alerts created by this alert rule.", - "readOnly": true - }, - "tactics": { - "description": "The tactics of the alert rule", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "techniques": { - "description": "The techniques of the alert rule", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array" - } - }, - "required": [ - "alertRuleTemplateName", - "enabled" - ], - "type": "object" - }, - "FusionAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents Fusion alert rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/FusionAlertRuleTemplateProperties", - "description": "Fusion alert rule template properties", - "required": [ - "displayName", - "description", - "status", - "severity", - "alertRulesCreatedByTemplateCount" - ], - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Fusion" - }, - "FusionAlertRuleTemplateProperties": { - "description": "Represents Fusion alert rule template properties", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "The number of alert rules that were created by this template", - "format": "int32", - "type": "integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "lastUpdatedDateUTC": { - "description": "The time that this alert rule template was last updated.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data connectors for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "status": { - "$ref": "#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status.", - "type": "string" - }, - "severity": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", - "description": "The severity for alerts created by this alert rule." - }, - "tactics": { - "description": "The tactics of the alert rule template", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "techniques": { - "description": "The techniques of the alert rule template", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents MicrosoftSecurityIncidentCreation rule.", - "properties": { - "properties": { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", - "description": "MicrosoftSecurityIncidentCreation rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" - }, - "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { - "description": "MicrosoftSecurityIncidentCreation rule common property bag.", - "properties": { - "displayNamesFilter": { - "description": "the alerts' displayNames on which the cases will be generated", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "displayNamesExcludeFilter": { - "description": "the alerts' displayNames on which the cases will not be generated", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "productFilter": { - "$ref": "#/definitions/MicrosoftSecurityProductName", - "description": "The alerts' productName on which the cases will be generated" - }, - "severitiesFilter": { - "description": "the alerts' severities on which the cases will be generated", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "required": [ - "productFilter" - ], - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRuleProperties": { - "allOf": [ - { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" - } - ], - "description": "MicrosoftSecurityIncidentCreation rule property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "type": "string" - }, - "displayName": { - "description": "The display name for alerts created by this alert rule.", - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this alert has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "displayName", - "enabled", - "productFilter" - ], - "type": "object" - }, - "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents MicrosoftSecurityIncidentCreation rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", - "description": "MicrosoftSecurityIncidentCreation rule template properties", - "required": [ - "displayName", - "description", - "createdDateUTC", - "status", - "alertRulesCreatedByTemplateCount", - "productFilter" - ], - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" - }, - "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" - } - ], - "description": "MicrosoftSecurityIncidentCreation rule template properties", - "properties": { - "displayNamesFilter": { - "description": "the alerts' displayNames on which the cases will be generated", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "displayNamesExcludeFilter": { - "description": "the alerts' displayNames on which the cases will not be generated", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "productFilter": { - "$ref": "#/definitions/MicrosoftSecurityProductName", - "description": "The alerts' productName on which the cases will be generated" - }, - "severitiesFilter": { - "description": "the alerts' severities on which the cases will be generated", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "MicrosoftSecurityProductName": { - "description": "The alerts' productName on which the cases will be generated", - "enum": [ - "Microsoft Cloud App Security", - "Azure Security Center", - "Azure Advanced Threat Protection", - "Azure Active Directory Identity Protection", - "Azure Security Center for IoT" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "MicrosoftSecurityProductName" - } - }, - "ScheduledAlertRule": { - "allOf": [ - { - "$ref": "#/definitions/AlertRule" - } - ], - "description": "Represents scheduled alert rule.", - "properties": { - "properties": { - "$ref": "#/definitions/ScheduledAlertRuleProperties", - "description": "Scheduled alert rule properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Scheduled" - }, - "ScheduledAlertRuleCommonProperties": { - "description": "Scheduled alert rule template property bag.", - "properties": { - "query": { - "description": "The query that creates alerts for this rule.", - "type": "string" - }, - "queryFrequency": { - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", - "format": "duration", - "type": "string" - }, - "queryPeriod": { - "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", - "format": "duration", - "type": "string" - }, - "severity": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/AlertRuleTriggerOperator", - "description": "The operation against the threshold that triggers alert rule." - }, - "triggerThreshold": { - "description": "The threshold triggers this alert rule.", - "format": "int32", - "type": "integer" - }, - "eventGroupingSettings": { - "$ref": "#/definitions/EventGroupingSettings", - "description": "The event grouping settings." - }, - "customDetails": { - "description": "Dictionary of string key-value pairs of columns to be attached to the alert", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "entityMappings": { - "$ref": "#/definitions/EntityMappings", - "description": "Array of the entity mappings of the alert rule" - }, - "alertDetailsOverride": { - "type": "object", - "$ref": "#/definitions/AlertDetailsOverride", - "description": "The alert details override settings" - } - }, - "type": "object" - }, - "EventGroupingSettings": { - "description": "Event grouping settings property bag.", - "properties": { - "aggregationKind": { - "$ref": "#/definitions/EventGroupingAggregationKind" - } - }, - "type": "object" - }, - "EventGroupingAggregationKind": { - "description": "The event grouping aggregation kinds", - "enum": [ - "SingleAlert", - "AlertPerResult" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "EventGroupingAggregationKind" - } - }, - "EntityMappings": { - "description": "List of entity mappings of the alert rule", - "type": "array", - "items": { - "$ref": "#/definitions/EntityMapping" - }, - "x-ms-identifiers": [] - }, - "EntityMapping": { - "description": "Single entity mapping for the alert rule", - "properties": { - "entityType": { - "$ref": "#/definitions/EntityMappingType" - }, - "fieldMappings": { - "description": "array of field mappings for the given entity mapping", - "type": "array", - "items": { - "$ref": "#/definitions/FieldMapping" - }, - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "FieldMapping": { - "description": "A single field mapping of the mapped entity", - "properties": { - "identifier": { - "description": "the V3 identifier of the entity", - "type": "string" - }, - "columnName": { - "description": "the column name to be mapped to the identifier", - "type": "string" - } - }, - "type": "object" - }, - "AlertDetailsOverride": { - "description": "Settings for how to dynamically override alert static details", - "properties": { - "alertDisplayNameFormat": { - "description": "the format containing columns name(s) to override the alert name", - "type": "string" - }, - "alertDescriptionFormat": { - "description": "the format containing columns name(s) to override the alert description", - "type": "string" - }, - "alertTacticsColumnName": { - "description": "the column name to take the alert tactics from", - "type": "string" - }, - "alertSeverityColumnName": { - "description": "the column name to take the alert severity from", - "type": "string" - }, - "alertDynamicProperties": { - "description": "List of additional dynamic properties to override", - "type": "array", - "items": { - "$ref": "#/definitions/AlertPropertyMapping" - }, - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "AlertPropertyMapping": { - "description": "A single alert property mapping to override", - "properties": { - "alertProperty": { - "$ref": "#/definitions/AlertProperty" - }, - "value": { - "description": "the column name to use to override this property", - "type": "string" - } - }, - "type": "object" - }, - "IncidentConfiguration": { - "description": "Incident Configuration property bag.", - "properties": { - "createIncident": { - "description": "Create incidents from alerts triggered by this analytics rule", - "type": "boolean" - }, - "groupingConfiguration": { - "$ref": "#/definitions/GroupingConfiguration", - "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" - } - }, - "type": "object", - "required": [ - "createIncident" - ] - }, - "GroupingConfiguration": { - "description": "Grouping configuration property bag.", - "properties": { - "enabled": { - "description": "Grouping enabled", - "type": "boolean" - }, - "reopenClosedIncident": { - "description": "Re-open closed matching incidents", - "type": "boolean" - }, - "lookbackDuration": { - "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)", - "format": "duration", - "type": "string" - }, - "matchingMethod": { - "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", - "enum": [ - "AllEntities", - "AnyAlert", - "Selected" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "MatchingMethod", - "values": [ - { - "description": "Grouping alerts into a single incident if all the entities match", - "value": "AllEntities" - }, - { - "description": "Grouping any alerts triggered by this rule into a single incident", - "value": "AnyAlert" - }, - { - "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match", - "value": "Selected" - } - ] - } - }, - "groupByEntities": { - "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", - "items": { - "$ref": "#/definitions/EntityMappingType" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "groupByAlertDetails": { - "description": "A list of alert details to group by (when matchingMethod is Selected)", - "items": { - "description": "Alert detail", - "enum": [ - "DisplayName", - "Severity" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertDetail", - "values": [ - { - "description": "Alert display name", - "value": "DisplayName" - }, - { - "description": "Alert severity", - "value": "Severity" - } - ] - } - }, - "type": "array", - "x-ms-identifiers": [] - }, - "groupByCustomDetails": { - "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", - "items": { - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "enabled", - "reopenClosedIncident", - "lookbackDuration", - "matchingMethod" - ] - }, - "ScheduledAlertRuleProperties": { - "allOf": [ - { - "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" - } - ], - "description": "Scheduled alert rule base property bag.", - "properties": { - "alertRuleTemplateName": { - "description": "The Name of the alert rule template used to create this rule.", - "type": "string" - }, - "templateVersion": { - "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>", - "type": "string" - }, - "description": { - "description": "The description of the alert rule.", - "type": "string" - }, - "displayName": { - "description": "The display name for alerts created by this alert rule.", - "type": "string" - }, - "enabled": { - "description": "Determines whether this alert rule is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this alert rule has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "suppressionDuration": { - "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", - "format": "duration", - "type": "string" - }, - "suppressionEnabled": { - "description": "Determines whether the suppression for this alert rule is enabled or disabled.", - "type": "boolean" - }, - "tactics": { - "description": "The tactics of the alert rule", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "techniques": { - "description": "The techniques of the alert rule", - "items": { - "type": "string" - }, - "type": "array" - }, - "incidentConfiguration": { - "$ref": "#/definitions/IncidentConfiguration", - "description": "The settings of the incidents that created from alerts triggered by this analytics rule" - } - }, - "required": [ - "displayName", - "enabled", - "severity", - "query", - "queryFrequency", - "queryPeriod", - "triggerOperator", - "triggerThreshold", - "suppressionEnabled", - "suppressionDuration" - ], - "type": "object" - }, - "ScheduledAlertRuleTemplateProperties": { - "description": "Scheduled alert rule template properties", - "properties": { - "alertRulesCreatedByTemplateCount": { - "description": "The number of alert rules that were created by this template", - "format": "int32", - "type": "integer" - }, - "createdDateUTC": { - "description": "The time that this alert rule template has been added.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "lastUpdatedDateUTC": { - "description": "The time that this alert rule template was last updated.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the alert rule template.", - "type": "string" - }, - "displayName": { - "description": "The display name for alert rule template.", - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data connectors for this template", - "items": { - "$ref": "#/definitions/AlertRuleTemplateDataSource" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "status": { - "$ref": "#/definitions/AlertRuleTemplateStatus", - "description": "The alert rule template status.", - "type": "string" - }, - "query": { - "description": "The query that creates alerts for this rule.", - "type": "string" - }, - "queryFrequency": { - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", - "format": "duration", - "type": "string" - }, - "queryPeriod": { - "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", - "format": "duration", - "type": "string" - }, - "severity": { - "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/AlertRuleTriggerOperator", - "description": "The operation against the threshold that triggers alert rule." - }, - "triggerThreshold": { - "description": "The threshold triggers this alert rule.", - "format": "int32", - "type": "integer" - }, - "tactics": { - "description": "The tactics of the alert rule template", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "techniques": { - "description": "The techniques of the alert rule template", - "items": { - "type": "string" - }, - "type": "array" - }, - "version": { - "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.", - "type": "string" - }, - "eventGroupingSettings": { - "$ref": "#/definitions/EventGroupingSettings", - "description": "The event grouping settings." - }, - "customDetails": { - "description": "Dictionary of string key-value pairs of columns to be attached to the alert", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "entityMappings": { - "$ref": "#/definitions/EntityMappings", - "description": "Array of the entity mappings of the alert rule" - }, - "alertDetailsOverride": { - "type": "object", - "$ref": "#/definitions/AlertDetailsOverride", - "description": "The alert details override settings" - } - }, - "type": "object" - }, - "ScheduledAlertRuleTemplate": { - "allOf": [ - { - "$ref": "#/definitions/AlertRuleTemplate" - } - ], - "description": "Represents scheduled alert rule template.", - "properties": { - "properties": { - "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", - "description": "Scheduled alert rule template properties", - "required": [ - "displayName", - "description", - "status", - "alertRulesCreatedByTemplateCount", - "severity", - "query", - "queryFrequency", - "queryPeriod", - "triggerOperator", - "triggerThreshold", - "version" - ], - "type": "object", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Scheduled" - }, - "EntityMappingType": { - "description": "The V3 type of the mapped entity", - "enum": [ - "Account", - "Host", - "IP", - "Malware", - "File", - "Process", - "CloudApplication", - "DNS", - "AzureResource", - "FileHash", - "RegistryKey", - "RegistryValue", - "SecurityGroup", - "URL", - "Mailbox", - "MailCluster", - "MailMessage", - "SubmissionMail" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "EntityMappingType", - "values": [ - { - "description": "User account entity type", - "value": "Account" - }, - { - "description": "Host entity type", - "value": "Host" - }, - { - "description": "IP address entity type", - "value": "IP" - }, - { - "description": "Malware entity type", - "value": "Malware" - }, - { - "description": "System file entity type", - "value": "File" - }, - { - "description": "Process entity type", - "value": "Process" - }, - { - "description": "Cloud app entity type", - "value": "CloudApplication" - }, - { - "description": "DNS entity type", - "value": "DNS" - }, - { - "description": "Azure resource entity type", - "value": "AzureResource" - }, - { - "description": "File-hash entity type", - "value": "FileHash" - }, - { - "description": "Registry key entity type", - "value": "RegistryKey" - }, - { - "description": "Registry value entity type", - "value": "RegistryValue" - }, - { - "description": "Security group entity type", - "value": "SecurityGroup" - }, - { - "description": "URL entity type", - "value": "URL" - }, - { - "description": "Mailbox entity type", - "value": "Mailbox" - }, - { - "description": "Mail cluster entity type", - "value": "MailCluster" - }, - { - "description": "Mail message entity type", - "value": "MailMessage" - }, - { - "description": "Submission mail entity type", - "value": "SubmissionMail" - } - ] - } - }, - "AlertProperty": { - "description": "The V3 alert property", - "enum": [ - "AlertLink", - "ConfidenceLevel", - "ConfidenceScore", - "ExtendedLinks", - "ProductName", - "ProviderName", - "ProductComponentName", - "RemediationSteps", - "Techniques" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertProperty", - "values": [ - { - "description": "Alert's link", - "value": "AlertLink" - }, - { - "description": "Confidence level property", - "value": "ConfidenceLevel" - }, - { - "description": "Confidence score", - "value": "ConfidenceScore" - }, - { - "description": "Extended links to the alert", - "value": "ExtendedLinks" - }, - { - "description": "Product name alert property", - "value": "ProductName" - }, - { - "description": "Provider name alert property", - "value": "ProviderName" - }, - { - "description": "Product component name alert property", - "value": "ProductComponentName" - }, - { - "description": "Remediation steps alert property", - "value": "RemediationSteps" - }, - { - "description": "Techniques alert property", - "value": "Techniques" - } - ] - } - } - }, - "parameters": { - "Action": { - "description": "The action", - "in": "body", - "name": "action", - "required": true, - "schema": { - "$ref": "#/definitions/ActionRequest" - }, - "x-ms-parameter-location": "method" - }, - "ActionId": { - "description": "Action ID", - "in": "path", - "name": "actionId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "AlertRule": { - "description": "The alert rule", - "in": "body", - "name": "alertRule", - "required": true, - "schema": { - "$ref": "#/definitions/AlertRule" - }, - "x-ms-parameter-location": "method" - }, - "AlertRuleTemplateId": { - "description": "Alert rule template ID", - "in": "path", - "name": "alertRuleTemplateId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "RuleId": { - "description": "Alert rule ID", - "in": "path", - "name": "ruleId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AutomationRules.json deleted file mode 100644 index e90ee1c3dd4e..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/AutomationRules.json +++ /dev/null @@ -1,1555 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01", - "x-ms-code-generation-settings": { - "name": "SecurityInsights" - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { - "get": { - "tags": [ - "automationRules" - ], - "description": "Gets the automation rule.", - "operationId": "AutomationRules_Get", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/AutomationRuleId" - } - ], - "responses": { - "200": { - "description": "Ok", - "schema": { - "$ref": "#/definitions/AutomationRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "AutomationRules_Get": { - "$ref": "./examples/automationRules/AutomationRules_Get.json" - } - } - }, - "put": { - "tags": [ - "automationRules" - ], - "description": "Creates or updates the automation rule.", - "operationId": "AutomationRules_CreateOrUpdate", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/AutomationRuleId" - }, - { - "in": "body", - "name": "automationRuleToUpsert", - "description": "The automation rule", - "schema": { - "$ref": "#/definitions/AutomationRule" - } - } - ], - "responses": { - "200": { - "description": "Ok", - "schema": { - "$ref": "#/definitions/AutomationRule" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AutomationRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "AutomationRules_CreateOrUpdate": { - "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" - } - } - }, - "delete": { - "tags": [ - "automationRules" - ], - "description": "Delete the automation rule.", - "operationId": "AutomationRules_Delete", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/AutomationRuleId" - } - ], - "responses": { - "200": { - "description": "Ok", - "schema": { - "type": "object" - } - }, - "204": { - "description": "No Content", - "schema": { - "type": "object" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "AutomationRules_Delete": { - "$ref": "./examples/automationRules/AutomationRules_Delete.json" - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { - "get": { - "tags": [ - "automationRules" - ], - "description": "Gets all automation rules.", - "operationId": "AutomationRules_List", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "Ok", - "schema": { - "$ref": "#/definitions/AutomationRulesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - }, - "x-ms-examples": { - "AutomationRules_List": { - "$ref": "./examples/automationRules/AutomationRules_List.json" - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { - "post": { - "tags": [ - "manualTrigger" - ], - "description": "Triggers playbook on a specific entity.", - "operationId": "Entities_RunPlaybook", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "in": "path", - "name": "entityIdentifier", - "required": true, - "type": "string", - "description": "Entity ID" - }, - { - "in": "body", - "name": "requestBody", - "description": "Describes the request body for triggering a playbook on an entity.", - "schema": { - "$ref": "#/definitions/EntityManualTriggerRequestBody" - } - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "Entities_RunPlaybook": { - "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { - "post": { - "tags": [ - "manualTrigger" - ], - "description": "Triggers playbook on a specific incident", - "operationId": "Incidents_RunPlaybook", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "in": "path", - "name": "incidentIdentifier", - "required": true, - "type": "string", - "description": "Incident ID" - }, - { - "in": "body", - "name": "requestBody", - "description": "Describes the request body for triggering a playbook on an incident.", - "schema": { - "$ref": "#/definitions/ManualTriggerRequestBody" - } - } - ], - "responses": { - "204": { - "description": "Success" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "Incidents_RunPlaybook": { - "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" - } - } - } - } - }, - "definitions": { - "ActionType": { - "description": "The type of the automation rule action.", - "enum": [ - "ModifyProperties", - "RunPlaybook", - "AddIncidentTask" - ], - "type": "string", - "example": "ModifyProperties", - "x-ms-enum": { - "name": "ActionType", - "modelAsString": true, - "values": [ - { - "value": "ModifyProperties", - "description": "Modify an object's properties" - }, - { - "value": "RunPlaybook", - "description": "Run a playbook on an object" - }, - { - "value": "AddIncidentTask", - "description": "Add a task to an incident object" - } - ] - } - }, - "AddIncidentTaskActionProperties": { - "description": "Describes an automation rule action to add a task to an incident.", - "required": [ - "title" - ], - "type": "object", - "properties": { - "title": { - "description": "The title of the task.", - "type": "string" - }, - "description": { - "description": "The description of the task.", - "type": "string" - } - } - }, - "AutomationRule": { - "required": [ - "properties" - ], - "type": "object", - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "properties": { - "properties": { - "type": "object", - "$ref": "#/definitions/AutomationRuleProperties", - "x-ms-client-flatten": true - } - } - }, - "AutomationRuleAction": { - "description": "Describes an automation rule action.", - "required": [ - "actionType", - "order" - ], - "type": "object", - "properties": { - "order": { - "format": "int32", - "type": "integer" - }, - "actionType": { - "$ref": "#/definitions/ActionType" - } - }, - "discriminator": "actionType" - }, - "AutomationRuleAddIncidentTaskAction": { - "description": "Describes an automation rule action to add a task to an incident", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleAction" - } - ], - "properties": { - "actionConfiguration": { - "type": "object", - "$ref": "#/definitions/AddIncidentTaskActionProperties" - } - }, - "x-ms-discriminator-value": "AddIncidentTask", - "x-ms-client-flatten": true - }, - "AutomationRuleBooleanCondition": { - "description": "Describes an automation rule condition with boolean operators.", - "type": "object", - "properties": { - "operator": { - "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" - }, - "innerConditions": { - "maxItems": 10, - "minItems": 2, - "type": "array", - "items": { - "$ref": "#/definitions/AutomationRuleCondition" - }, - "x-ms-identifiers": [] - } - } - }, - "AutomationRuleBooleanConditionSupportedOperator": { - "description": "Describes a boolean condition operator.", - "enum": [ - "And", - "Or" - ], - "type": "string", - "example": "And", - "x-ms-enum": { - "name": "AutomationRuleBooleanConditionSupportedOperator", - "modelAsString": true, - "values": [ - { - "value": "And", - "description": "Evaluates as true if all the item conditions are evaluated as true" - }, - { - "value": "Or", - "description": "Evaluates as true if at least one of the item conditions are evaluated as true" - } - ] - } - }, - "AutomationRuleCondition": { - "description": "Describes an automation rule condition.", - "required": [ - "conditionType" - ], - "type": "object", - "properties": { - "conditionType": { - "$ref": "#/definitions/ConditionType" - } - }, - "discriminator": "conditionType" - }, - "AutomationRuleModifyPropertiesAction": { - "description": "Describes an automation rule action to modify an object's properties", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleAction" - } - ], - "properties": { - "actionConfiguration": { - "type": "object", - "$ref": "#/definitions/IncidentPropertiesAction" - } - }, - "x-ms-discriminator-value": "ModifyProperties", - "x-ms-client-flatten": true - }, - "AutomationRuleProperties": { - "description": "Automation rule properties", - "required": [ - "actions", - "displayName", - "order", - "triggeringLogic" - ], - "type": "object", - "properties": { - "displayName": { - "description": "The display name of the automation rule.", - "maxLength": 500, - "type": "string" - }, - "order": { - "format": "int32", - "description": "The order of execution of the automation rule.", - "maximum": 1000, - "minimum": 1, - "type": "integer" - }, - "triggeringLogic": { - "$ref": "#/definitions/AutomationRuleTriggeringLogic" - }, - "actions": { - "description": "The actions to execute when the automation rule is triggered.", - "maxItems": 20, - "type": "array", - "items": { - "$ref": "#/definitions/AutomationRuleAction" - }, - "x-ms-identifiers": [] - }, - "lastModifiedTimeUtc": { - "format": "date-time", - "description": "The last time the automation rule was updated.", - "type": "string", - "readOnly": true - }, - "createdTimeUtc": { - "format": "date-time", - "description": "The time the automation rule was created.", - "type": "string", - "readOnly": true - }, - "lastModifiedBy": { - "readOnly": true, - "$ref": "./common/2.0/types.json#/definitions/ClientInfo" - }, - "createdBy": { - "readOnly": true, - "$ref": "./common/2.0/types.json#/definitions/ClientInfo" - } - } - }, - "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { - "enum": [ - "Alerts", - "Labels", - "Tactics", - "Comments" - ], - "type": "string", - "example": "Alerts", - "x-ms-enum": { - "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", - "modelAsString": true, - "values": [ - { - "value": "Alerts", - "description": "Evaluate the condition on the alerts" - }, - { - "value": "Labels", - "description": "Evaluate the condition on the labels" - }, - { - "value": "Tactics", - "description": "Evaluate the condition on the tactics" - }, - { - "value": "Comments", - "description": "Evaluate the condition on the comments" - } - ] - } - }, - "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { - "enum": [ - "Added" - ], - "type": "string", - "example": "Added", - "x-ms-enum": { - "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", - "modelAsString": true, - "values": [ - { - "value": "Added", - "description": "Evaluate the condition on items added to the array" - } - ] - } - }, - "AutomationRulePropertyArrayChangedValuesCondition": { - "type": "object", - "properties": { - "arrayType": { - "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" - }, - "changeType": { - "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" - } - } - }, - "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { - "description": "Describes an array condition evaluation type.", - "enum": [ - "AnyItem", - "AllItems" - ], - "type": "string", - "example": "AnyItem", - "x-ms-enum": { - "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", - "modelAsString": true, - "values": [ - { - "value": "AnyItem", - "description": "Evaluate the condition as true if any item fulfills it" - }, - { - "value": "AllItems", - "description": "Evaluate the condition as true if all the items fulfill it" - } - ] - } - }, - "AutomationRulePropertyArrayConditionSupportedArrayType": { - "description": "Describes an array condition evaluated array type.", - "enum": [ - "CustomDetails", - "CustomDetailValues" - ], - "type": "string", - "example": "CustomDetails", - "x-ms-enum": { - "name": "AutomationRulePropertyArrayConditionSupportedArrayType", - "modelAsString": true, - "values": [ - { - "value": "CustomDetails", - "description": "Evaluate the condition on the custom detail keys" - }, - { - "value": "CustomDetailValues", - "description": "Evaluate the condition on a custom detail's values" - } - ] - } - }, - "AutomationRulePropertyArrayValuesCondition": { - "description": "Describes an automation rule condition on array properties.", - "type": "object", - "properties": { - "arrayType": { - "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" - }, - "arrayConditionType": { - "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" - }, - "itemConditions": { - "maxItems": 10, - "type": "array", - "items": { - "$ref": "#/definitions/AutomationRuleCondition" - }, - "x-ms-identifiers": [] - } - } - }, - "AutomationRulePropertyChangedConditionSupportedChangedType": { - "enum": [ - "ChangedFrom", - "ChangedTo" - ], - "type": "string", - "example": "ChangedFrom", - "x-ms-enum": { - "name": "AutomationRulePropertyChangedConditionSupportedChangedType", - "modelAsString": true, - "values": [ - { - "value": "ChangedFrom", - "description": "Evaluate the condition on the previous value of the property" - }, - { - "value": "ChangedTo", - "description": "Evaluate the condition on the updated value of the property" - } - ] - } - }, - "AutomationRulePropertyChangedConditionSupportedPropertyType": { - "enum": [ - "IncidentSeverity", - "IncidentStatus", - "IncidentOwner" - ], - "type": "string", - "example": "IncidentSeverity", - "x-ms-enum": { - "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", - "modelAsString": true, - "values": [ - { - "value": "IncidentSeverity", - "description": "Evaluate the condition on the incident severity" - }, - { - "value": "IncidentStatus", - "description": "Evaluate the condition on the incident status" - }, - { - "value": "IncidentOwner", - "description": "Evaluate the condition on the incident owner" - } - ] - } - }, - "AutomationRulePropertyConditionSupportedOperator": { - "enum": [ - "Equals", - "NotEquals", - "Contains", - "NotContains", - "StartsWith", - "NotStartsWith", - "EndsWith", - "NotEndsWith" - ], - "type": "string", - "example": "Equals", - "x-ms-enum": { - "name": "AutomationRulePropertyConditionSupportedOperator", - "modelAsString": true, - "values": [ - { - "value": "Equals", - "description": "Evaluates if the property equals at least one of the condition values" - }, - { - "value": "NotEquals", - "description": "Evaluates if the property does not equal any of the condition values" - }, - { - "value": "Contains", - "description": "Evaluates if the property contains at least one of the condition values" - }, - { - "value": "NotContains", - "description": "Evaluates if the property does not contain any of the condition values" - }, - { - "value": "StartsWith", - "description": "Evaluates if the property starts with any of the condition values" - }, - { - "value": "NotStartsWith", - "description": "Evaluates if the property does not start with any of the condition values" - }, - { - "value": "EndsWith", - "description": "Evaluates if the property ends with any of the condition values" - }, - { - "value": "NotEndsWith", - "description": "Evaluates if the property does not end with any of the condition values" - } - ] - } - }, - "AutomationRulePropertyConditionSupportedProperty": { - "description": "The property to evaluate in an automation rule property condition.", - "enum": [ - "IncidentTitle", - "IncidentDescription", - "IncidentSeverity", - "IncidentStatus", - "IncidentRelatedAnalyticRuleIds", - "IncidentTactics", - "IncidentLabel", - "IncidentProviderName", - "IncidentUpdatedBySource", - "IncidentCustomDetailsKey", - "IncidentCustomDetailsValue", - "AccountAadTenantId", - "AccountAadUserId", - "AccountName", - "AccountNTDomain", - "AccountPUID", - "AccountSid", - "AccountObjectGuid", - "AccountUPNSuffix", - "AlertProductNames", - "AlertAnalyticRuleIds", - "AzureResourceResourceId", - "AzureResourceSubscriptionId", - "CloudApplicationAppId", - "CloudApplicationAppName", - "DNSDomainName", - "FileDirectory", - "FileName", - "FileHashValue", - "HostAzureID", - "HostName", - "HostNetBiosName", - "HostNTDomain", - "HostOSVersion", - "IoTDeviceId", - "IoTDeviceName", - "IoTDeviceType", - "IoTDeviceVendor", - "IoTDeviceModel", - "IoTDeviceOperatingSystem", - "IPAddress", - "MailboxDisplayName", - "MailboxPrimaryAddress", - "MailboxUPN", - "MailMessageDeliveryAction", - "MailMessageDeliveryLocation", - "MailMessageRecipient", - "MailMessageSenderIP", - "MailMessageSubject", - "MailMessageP1Sender", - "MailMessageP2Sender", - "MalwareCategory", - "MalwareName", - "ProcessCommandLine", - "ProcessId", - "RegistryKey", - "RegistryValueData", - "Url" - ], - "type": "string", - "example": "IncidentTitle", - "x-ms-enum": { - "name": "AutomationRulePropertyConditionSupportedProperty", - "modelAsString": true, - "values": [ - { - "value": "IncidentTitle", - "description": "The title of the incident" - }, - { - "value": "IncidentDescription", - "description": "The description of the incident" - }, - { - "value": "IncidentSeverity", - "description": "The severity of the incident" - }, - { - "value": "IncidentStatus", - "description": "The status of the incident" - }, - { - "value": "IncidentRelatedAnalyticRuleIds", - "description": "The related Analytic rule ids of the incident" - }, - { - "value": "IncidentTactics", - "description": "The tactics of the incident" - }, - { - "value": "IncidentLabel", - "description": "The labels of the incident" - }, - { - "value": "IncidentProviderName", - "description": "The provider name of the incident" - }, - { - "value": "IncidentUpdatedBySource", - "description": "The update source of the incident" - }, - { - "value": "IncidentCustomDetailsKey", - "description": "The incident custom detail key" - }, - { - "value": "IncidentCustomDetailsValue", - "description": "The incident custom detail value" - }, - { - "value": "AccountAadTenantId", - "description": "The account Azure Active Directory tenant id" - }, - { - "value": "AccountAadUserId", - "description": "The account Azure Active Directory user id" - }, - { - "value": "AccountName", - "description": "The account name" - }, - { - "value": "AccountNTDomain", - "description": "The account NetBIOS domain name" - }, - { - "value": "AccountPUID", - "description": "The account Azure Active Directory Passport User ID" - }, - { - "value": "AccountSid", - "description": "The account security identifier" - }, - { - "value": "AccountObjectGuid", - "description": "The account unique identifier" - }, - { - "value": "AccountUPNSuffix", - "description": "The account user principal name suffix" - }, - { - "value": "AlertProductNames", - "description": "The name of the product of the alert" - }, - { - "value": "AlertAnalyticRuleIds", - "description": "The analytic rule ids of the alert" - }, - { - "value": "AzureResourceResourceId", - "description": "The Azure resource id" - }, - { - "value": "AzureResourceSubscriptionId", - "description": "The Azure resource subscription id" - }, - { - "value": "CloudApplicationAppId", - "description": "The cloud application identifier" - }, - { - "value": "CloudApplicationAppName", - "description": "The cloud application name" - }, - { - "value": "DNSDomainName", - "description": "The dns record domain name" - }, - { - "value": "FileDirectory", - "description": "The file directory full path" - }, - { - "value": "FileName", - "description": "The file name without path" - }, - { - "value": "FileHashValue", - "description": "The file hash value" - }, - { - "value": "HostAzureID", - "description": "The host Azure resource id" - }, - { - "value": "HostName", - "description": "The host name without domain" - }, - { - "value": "HostNetBiosName", - "description": "The host NetBIOS name" - }, - { - "value": "HostNTDomain", - "description": "The host NT domain" - }, - { - "value": "HostOSVersion", - "description": "The host operating system" - }, - { - "value": "IoTDeviceId", - "description": "\"The IoT device id" - }, - { - "value": "IoTDeviceName", - "description": "The IoT device name" - }, - { - "value": "IoTDeviceType", - "description": "The IoT device type" - }, - { - "value": "IoTDeviceVendor", - "description": "The IoT device vendor" - }, - { - "value": "IoTDeviceModel", - "description": "The IoT device model" - }, - { - "value": "IoTDeviceOperatingSystem", - "description": "The IoT device operating system" - }, - { - "value": "IPAddress", - "description": "The IP address" - }, - { - "value": "MailboxDisplayName", - "description": "The mailbox display name" - }, - { - "value": "MailboxPrimaryAddress", - "description": "The mailbox primary address" - }, - { - "value": "MailboxUPN", - "description": "The mailbox user principal name" - }, - { - "value": "MailMessageDeliveryAction", - "description": "The mail message delivery action" - }, - { - "value": "MailMessageDeliveryLocation", - "description": "The mail message delivery location" - }, - { - "value": "MailMessageRecipient", - "description": "The mail message recipient" - }, - { - "value": "MailMessageSenderIP", - "description": "The mail message sender IP address" - }, - { - "value": "MailMessageSubject", - "description": "The mail message subject" - }, - { - "value": "MailMessageP1Sender", - "description": "The mail message P1 sender" - }, - { - "value": "MailMessageP2Sender", - "description": "The mail message P2 sender" - }, - { - "value": "MalwareCategory", - "description": "The malware category" - }, - { - "value": "MalwareName", - "description": "The malware name" - }, - { - "value": "ProcessCommandLine", - "description": "The process execution command line" - }, - { - "value": "ProcessId", - "description": "The process id" - }, - { - "value": "RegistryKey", - "description": "The registry key path" - }, - { - "value": "RegistryValueData", - "description": "The registry key value in string formatted representation" - }, - { - "value": "Url", - "description": "The url" - } - ] - } - }, - "AutomationRulePropertyValuesChangedCondition": { - "type": "object", - "properties": { - "propertyName": { - "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" - }, - "changeType": { - "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" - }, - "operator": { - "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" - }, - "propertyValues": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "AutomationRulePropertyValuesCondition": { - "type": "object", - "properties": { - "propertyName": { - "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty" - }, - "operator": { - "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" - }, - "propertyValues": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "AutomationRuleRunPlaybookAction": { - "description": "Describes an automation rule action to run a playbook", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleAction" - } - ], - "properties": { - "actionConfiguration": { - "type": "object", - "$ref": "#/definitions/PlaybookActionProperties" - } - }, - "x-ms-discriminator-value": "RunPlaybook", - "x-ms-client-flatten": true - }, - "AutomationRuleTriggeringLogic": { - "description": "Describes automation rule triggering logic.", - "required": [ - "isEnabled", - "triggersOn", - "triggersWhen" - ], - "type": "object", - "properties": { - "isEnabled": { - "description": "Determines whether the automation rule is enabled or disabled.", - "type": "boolean" - }, - "expirationTimeUtc": { - "format": "date-time", - "description": "Determines when the automation rule should automatically expire and be disabled.", - "type": "string" - }, - "triggersOn": { - "$ref": "#/definitions/triggersOn" - }, - "triggersWhen": { - "$ref": "#/definitions/triggersWhen" - }, - "conditions": { - "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.", - "maxItems": 50, - "type": "array", - "items": { - "$ref": "#/definitions/AutomationRuleCondition" - }, - "x-ms-identifiers": [ - "conditionType" - ] - } - } - }, - "AutomationRulesList": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/AutomationRule" - } - }, - "nextLink": { - "type": "string" - } - } - }, - "BooleanConditionProperties": { - "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleCondition" - } - ], - "properties": { - "conditionProperties": { - "type": "object", - "$ref": "#/definitions/AutomationRuleBooleanCondition" - } - }, - "x-ms-discriminator-value": "Boolean", - "x-ms-client-flatten": true - }, - "ConditionType": { - "enum": [ - "Property", - "PropertyArray", - "PropertyChanged", - "PropertyArrayChanged", - "Boolean" - ], - "type": "string", - "example": "Property", - "x-ms-enum": { - "name": "ConditionType", - "modelAsString": true, - "values": [ - { - "value": "Property", - "description": "Evaluate an object property value" - }, - { - "value": "PropertyArray", - "description": "Evaluate an object array property value" - }, - { - "value": "PropertyChanged", - "description": "Evaluate an object property changed value" - }, - { - "value": "PropertyArrayChanged", - "description": "Evaluate an object array property changed value" - }, - { - "value": "Boolean", - "description": "Apply a boolean operator (e.g AND, OR) to conditions" - } - ] - } - }, - "EntityManualTriggerRequestBody": { - "description": "Describes the request body for triggering a playbook on an entity.", - "required": [ - "logicAppsResourceId" - ], - "type": "object", - "properties": { - "incidentArmId": { - "description": "The incident id to associate the entity with.", - "type": "string", - "format": "arm-id", - "x-ms-arm-id-details": { - "allowedResources": [ - { - "scopes": [ - "Extension" - ], - "type": "Microsoft.SecurityInsights/incidents" - } - ] - } - }, - "tenantId": { - "format": "uuid", - "description": "The tenant id of the playbook resource.", - "type": "string" - }, - "logicAppsResourceId": { - "description": "The resource id of the playbook resource.", - "type": "string", - "format": "arm-id", - "x-ms-arm-id-details": { - "allowedResources": [ - { - "type": "Microsoft.Logic/workflows" - }, - { - "type": "Microsoft.Web/sites" - } - ] - } - } - } - }, - "IncidentPropertiesAction": { - "type": "object", - "properties": { - "severity": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" - }, - "status": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" - }, - "classification": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" - }, - "classificationReason": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" - }, - "classificationComment": { - "description": "Describes the reason the incident was closed.", - "type": "string" - }, - "owner": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" - }, - "labels": { - "description": "List of labels to add to the incident.", - "type": "array", - "x-ms-identifiers": [ - "labelName" - ], - "items": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" - } - } - } - }, - "ManualTriggerRequestBody": { - "description": "Describes the request body for triggering a playbook on an incident.", - "required": [ - "logicAppsResourceId" - ], - "type": "object", - "properties": { - "tenantId": { - "format": "uuid", - "description": "The tenant id of the playbook resource.", - "type": "string" - }, - "logicAppsResourceId": { - "description": "The resource id of the playbook resource.", - "type": "string", - "format": "arm-id", - "x-ms-arm-id-details": { - "allowedResources": [ - { - "type": "Microsoft.Logic/workflows" - }, - { - "type": "Microsoft.Web/sites" - } - ] - } - } - } - }, - "PlaybookActionProperties": { - "required": [ - "logicAppResourceId" - ], - "type": "object", - "properties": { - "logicAppResourceId": { - "description": "The resource id of the playbook resource.", - "type": "string", - "format": "arm-id", - "x-ms-arm-id-details": { - "allowedResources": [ - { - "type": "Microsoft.Logic/workflows" - }, - { - "type": "Microsoft.Web/sites" - } - ] - } - }, - "tenantId": { - "format": "uuid", - "description": "The tenant id of the playbook resource.", - "type": "string" - } - } - }, - "PropertyArrayChangedConditionProperties": { - "description": "Describes an automation rule condition that evaluates an array property's value change", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleCondition" - } - ], - "properties": { - "conditionProperties": { - "type": "object", - "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" - } - }, - "x-ms-discriminator-value": "PropertyArrayChanged", - "x-ms-client-flatten": true - }, - "PropertyArrayConditionProperties": { - "description": "Describes an automation rule condition that evaluates an array property's value", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleCondition" - } - ], - "properties": { - "conditionProperties": { - "type": "object", - "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" - } - }, - "x-ms-discriminator-value": "PropertyArray", - "x-ms-client-flatten": true - }, - "PropertyChangedConditionProperties": { - "description": "Describes an automation rule condition that evaluates a property's value change", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleCondition" - } - ], - "properties": { - "conditionProperties": { - "type": "object", - "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" - } - }, - "x-ms-discriminator-value": "PropertyChanged", - "x-ms-client-flatten": true - }, - "PropertyConditionProperties": { - "description": "Describes an automation rule condition that evaluates a property's value", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleCondition" - } - ], - "properties": { - "conditionProperties": { - "type": "object", - "$ref": "#/definitions/AutomationRulePropertyValuesCondition" - } - }, - "x-ms-discriminator-value": "Property", - "x-ms-client-flatten": true - }, - "triggersOn": { - "enum": [ - "Incidents", - "Alerts" - ], - "type": "string", - "example": "Incidents", - "x-ms-enum": { - "name": "triggersOn", - "modelAsString": true, - "values": [ - { - "value": "Incidents", - "description": "Trigger on Incidents" - }, - { - "value": "Alerts", - "description": "Trigger on Alerts" - } - ] - } - }, - "triggersWhen": { - "enum": [ - "Created", - "Updated" - ], - "type": "string", - "example": "Created", - "x-ms-enum": { - "name": "triggersWhen", - "modelAsString": true, - "values": [ - { - "value": "Created", - "description": "Trigger on created objects" - }, - { - "value": "Updated", - "description": "Trigger on updated objects" - } - ] - } - } - }, - "parameters": { - "AutomationRule": { - "name": "automationRule", - "description": "The automation rule", - "required": true, - "in": "body", - "x-ms-parameter-location": "method", - "schema": { - "$ref": "#/definitions/AutomationRule" - } - }, - "AutomationRuleId": { - "in": "path", - "name": "automationRuleId", - "description": "Automation rule ID", - "required": true, - "x-ms-parameter-location": "method", - "type": "string" - } - }, - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "flow": "implicit", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "scopes": { - "user_impersonation": "impersonate your user account" - }, - "description": "Azure Active Directory OAuth2 Flow" - } - }, - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "host": "management.azure.com", - "schemes": [ - "https" - ], - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ] -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Bookmarks.json deleted file mode 100644 index d93b03cf4583..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Bookmarks.json +++ /dev/null @@ -1,355 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { - "get": { - "x-ms-examples": { - "Get all bookmarks.": { - "$ref": "./examples/bookmarks/GetBookmarks.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Gets all bookmarks.", - "operationId": "Bookmarks_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/BookmarkList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { - "get": { - "x-ms-examples": { - "Get a bookmark.": { - "$ref": "./examples/bookmarks/GetBookmarkById.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Gets a bookmark.", - "operationId": "Bookmarks_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a bookmark.": { - "$ref": "./examples/bookmarks/CreateBookmark.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Creates or updates the bookmark.", - "operationId": "Bookmarks_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - }, - { - "$ref": "#/parameters/Bookmark" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/Bookmark" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a bookmark.": { - "$ref": "./examples/bookmarks/DeleteBookmark.json" - } - }, - "tags": [ - "Bookmarks" - ], - "description": "Delete the bookmark.", - "operationId": "Bookmarks_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/BookmarkId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "Bookmark": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a bookmark in Azure Security Insights.", - "properties": { - "properties": { - "$ref": "#/definitions/BookmarkProperties", - "description": "Bookmark properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "BookmarkList": { - "description": "List all the bookmarks.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of cases.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of bookmarks.", - "items": { - "$ref": "#/definitions/Bookmark" - }, - "type": "array" - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "BookmarkProperties": { - "description": "Describes bookmark properties", - "properties": { - "created": { - "description": "The time the bookmark was created", - "format": "date-time", - "type": "string" - }, - "createdBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that created the bookmark", - "type": "object" - }, - "displayName": { - "description": "The display name of the bookmark", - "type": "string" - }, - "labels": { - "description": "List of labels relevant to this bookmark", - "items": { - "$ref": "./common/2.0/types.json#/definitions/Label" - }, - "type": "array" - }, - "notes": { - "description": "The notes of the bookmark", - "type": "string" - }, - "query": { - "description": "The query of the bookmark.", - "type": "string" - }, - "queryResult": { - "description": "The query result of the bookmark.", - "type": "string" - }, - "updated": { - "description": "The last time the bookmark was updated", - "format": "date-time", - "type": "string" - }, - "updatedBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that updated the bookmark", - "type": "object" - }, - "eventTime": { - "description": "The bookmark event time", - "format": "date-time", - "type": "string" - }, - "queryStartTime": { - "description": "The start time for the query", - "format": "date-time", - "type": "string" - }, - "queryEndTime": { - "description": "The end time for the query", - "format": "date-time", - "type": "string" - }, - "incidentInfo": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentInfo", - "description": "Describes an incident that relates to bookmark", - "type": "object" - } - }, - "required": [ - "displayName", - "query" - ], - "type": "object" - } - }, - "parameters": { - "Bookmark": { - "description": "The bookmark", - "in": "body", - "name": "bookmark", - "required": true, - "schema": { - "$ref": "#/definitions/Bookmark" - }, - "x-ms-parameter-location": "method" - }, - "BookmarkId": { - "description": "Bookmark ID", - "in": "path", - "name": "bookmarkId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentPackages.json deleted file mode 100644 index 0b28f05876ca..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentPackages.json +++ /dev/null @@ -1,319 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { - "get": { - "x-ms-examples": { - "Get all available packages.": { - "$ref": "./examples/contentPackages/GetPackages.json" - } - }, - "tags": [ - "ContentPackages" - ], - "description": "Gets all installed packages.", - "operationId": "ContentPackages_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSearch" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataCount" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkip" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/packageList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { - "get": { - "x-ms-examples": { - "Get installed packages by id.": { - "$ref": "./examples/contentPackages/GetPackageById.json" - } - }, - "tags": [ - "ContentPackages" - ], - "description": "Gets an installed packages by its id.", - "operationId": "ContentPackages_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/PackageIdParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/packageModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Install a package to the workspace.": { - "$ref": "./examples/contentPackages/InstallPackage.json" - } - }, - "tags": [ - "ContentPackages" - ], - "description": "Install a package to the workspace.", - "operationId": "ContentPackage_Install", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/PackageIdParameter" - }, - { - "$ref": "#/parameters/PackageInstallationProperties" - } - ], - "responses": { - "200": { - "description": "OK, a package is updated.", - "schema": { - "$ref": "#/definitions/packageModel" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/packageModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Uninstall a package from the workspace.": { - "$ref": "./examples/contentPackages/UninstallPackage.json" - } - }, - "tags": [ - "ContentPackages" - ], - "description": "Uninstall a package from the workspace.", - "operationId": "ContentPackage_Uninstall", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/PackageIdParameter" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "packageList": { - "description": "List available packages.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of packages.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of packages.", - "items": { - "$ref": "#/definitions/packageModel" - }, - "type": "array" - } - }, - "required": [ - "value" - ], - "type": "object" - }, - "packageModel": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a Package in Azure Security Insights.", - "properties": { - "properties": { - "description": "package properties", - "$ref": "#/definitions/packageProperties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "packageProperties": { - "description": "Describes package properties", - "allOf": [ - { - "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties" - } - ], - "required": [ - "contentId", - "contentProductId", - "contentKind", - "version", - "displayName" - ], - "type": "object" - } - }, - "parameters": { - "PackageIdParameter": { - "description": "package Id", - "in": "path", - "name": "packageId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "PackageInstallationProperties": { - "description": "Package installation properties", - "in": "body", - "name": "packageInstallationProperties", - "required": true, - "schema": { - "$ref": "#/definitions/packageModel" - }, - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductPackages.json deleted file mode 100644 index 74a88f8a06ed..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductPackages.json +++ /dev/null @@ -1,235 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { - "get": { - "x-ms-examples": { - "Get all available packages.": { - "$ref": "./examples/contentPackages/GetProductPackages.json" - } - }, - "tags": [ - "ContentProductPackages" - ], - "description": "Gets all packages from the catalog.\nExpandable properties:\n- properties/installed\n- properties/packagedContent", - "operationId": "ProductPackages_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSearch" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/productPackageList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { - "get": { - "x-ms-examples": { - "Get a package.": { - "$ref": "./examples/contentPackages/GetProductPackageById.json" - } - }, - "tags": [ - "ContentProductPackages" - ], - "description": "Gets a package by its identifier from the catalog.", - "operationId": "ProductPackage_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/PackageIdParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/productPackageModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "productPackageList": { - "description": "List available packages.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of packages.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of packages.", - "items": { - "$ref": "#/definitions/productPackageModel" - }, - "type": "array" - } - }, - "required": [ - "value" - ], - "type": "object" - }, - "productPackageModel": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a Package in Azure Security Insights.", - "properties": { - "properties": { - "description": "package properties", - "$ref": "#/definitions/productPackageProperties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "productPackageProperties": { - "description": "Describes package properties", - "allOf": [ - { - "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties", - "description": "The content id of the package" - }, - { - "$ref": "#/definitions/productPackageAdditionalProperties", - "description": "The package kind" - } - ], - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ], - "type": "object" - }, - "productPackageAdditionalProperties": { - "description": "product package additional properties", - "properties": { - "installedVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "The version of the installed package, null or absent means not installed." - }, - "metadataResourceId": { - "description": "The metadata resource id.", - "type": "string", - "format": "arm-id" - }, - "packagedContent": { - "$ref": "#/definitions/packagedContent", - "description": "The json of the ARM template to deploy. Expandable." - } - }, - "type": "object" - }, - "packagedContent": { - "type": "object", - "description": "The json of the ARM template to deploy" - } - }, - "parameters": { - "PackageIdParameter": { - "description": "package Id", - "in": "path", - "name": "packageId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductTemplates.json deleted file mode 100644 index 64bd560553d6..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentProductTemplates.json +++ /dev/null @@ -1,226 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { - "get": { - "x-ms-examples": { - "Get all installed templates.": { - "$ref": "./examples/contentTemplates/GetProductTemplates.json" - } - }, - "tags": [ - "ContentProductTemplates" - ], - "description": "Gets all templates in the catalog.", - "operationId": "ProductTemplates_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSearch" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataCount" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkip" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/productTemplateList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { - "get": { - "x-ms-examples": { - "Get a template.": { - "$ref": "./examples/contentTemplates/GetProductTemplateById.json" - } - }, - "tags": [ - "ContentProductTemplates" - ], - "description": "Gets a template by its identifier.", - "operationId": "ProductTemplate_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/templateIdParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/productTemplateModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "productTemplateList": { - "description": "List of all the template.", - "type": "object", - "properties": { - "value": { - "description": "Array of templates.", - "items": { - "$ref": "#/definitions/productTemplateModel" - }, - "type": "array" - }, - "nextLink": { - "description": "URL to fetch the next page of template.", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "value" - ] - }, - "productTemplateModel": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Template resource definition.", - "properties": { - "properties": { - "description": "template properties", - "$ref": "#/definitions/productTemplateProperties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "productTemplateProperties": { - "allOf": [ - { - "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" - }, - { - "$ref": "#/definitions/productTemplateAdditionalProperties" - } - ], - "description": "Template property bag.", - "required": [ - "contentId", - "version", - "displayName", - "contentKind", - "source" - ] - }, - "productTemplateAdditionalProperties": { - "description": "additional properties of product template.", - "type": "object", - "properties": { - "packagedContent": { - "type": "object", - "description": "The json of the ARM template to deploy" - } - } - } - }, - "parameters": { - "templateIdParameter": { - "description": "template Id", - "in": "path", - "name": "templateId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentTemplates.json deleted file mode 100644 index f600c98f06ec..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ContentTemplates.json +++ /dev/null @@ -1,353 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { - "get": { - "x-ms-examples": { - "Get all installed templates.": { - "$ref": "./examples/contentTemplates/GetTemplates.json" - } - }, - "tags": [ - "ContentTemplates" - ], - "description": "Gets all installed templates.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", - "operationId": "ContentTemplates_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataExpand" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSearch" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataCount" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkip" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templateList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { - "put": { - "x-ms-examples": { - "Get a template.": { - "$ref": "./examples/contentTemplates/InstallTemplate.json" - } - }, - "tags": [ - "ContentTemplates" - ], - "description": "Install a template.", - "operationId": "ContentTemplate_Install", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/templateIdParameter" - }, - { - "$ref": "#/parameters/templateInstallationProperties" - } - ], - "responses": { - "200": { - "description": "OK, a template is updated.", - "schema": { - "$ref": "#/definitions/templateModel" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/templateModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "get": { - "x-ms-examples": { - "Get a template.": { - "$ref": "./examples/contentTemplates/GetTemplateById.json" - } - }, - "tags": [ - "ContentTemplates" - ], - "description": "Gets a template byt its identifier.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", - "operationId": "ContentTemplate_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/templateIdParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/templateModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete metadata.": { - "$ref": "./examples/contentTemplates/DeleteTemplate.json" - } - }, - "tags": [ - "ContentTemplates" - ], - "description": "Delete an installed template.", - "operationId": "ContentTemplate_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/templateIdParameter" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "templateList": { - "description": "List of all the template.", - "type": "object", - "properties": { - "value": { - "description": "Array of templates.", - "items": { - "$ref": "#/definitions/templateModel" - }, - "type": "array" - }, - "nextLink": { - "description": "URL to fetch the next page of template.", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "value" - ] - }, - "templateModel": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Template resource definition.", - "properties": { - "properties": { - "description": "template properties", - "$ref": "#/definitions/templateProperties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "templateProperties": { - "allOf": [ - { - "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" - }, - { - "$ref": "#/definitions/templateAdditionalProperties" - } - ], - "description": "Template property bag.", - "required": [ - "contentId", - "version", - "displayName", - "contentKind", - "source", - "packageId", - "packageVersion", - "contentProductId" - ], - "type": "object" - }, - "templateAdditionalProperties": { - "description": "additional properties of product template.", - "type": "object", - "properties": { - "mainTemplate": { - "$ref": "#/definitions/mainTemplate", - "description": "The JSON of the ARM template to deploy active content. Expandable." - }, - "dependantTemplates": { - "type": "array", - "items": { - "$ref": "#/definitions/templateProperties" - }, - "description": "Dependant templates. Expandable.", - "readOnly": true, - "x-ms-identifiers": [ - "contentId" - ] - } - } - }, - "mainTemplate": { - "description": "The JSON of the ARM template to deploy active content", - "type": "object" - } - }, - "parameters": { - "templateIdParameter": { - "description": "template Id", - "in": "path", - "name": "templateId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "templateInstallationProperties": { - "description": "Template installation properties", - "in": "body", - "name": "templateInstallationProperties", - "required": true, - "schema": { - "$ref": "#/definitions/templateModel" - }, - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/DataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/DataConnectors.json deleted file mode 100644 index 6a53e8bd4ef7..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/DataConnectors.json +++ /dev/null @@ -1,1882 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { - "get": { - "x-ms-examples": { - "Get all data connectors.": { - "$ref": "./examples/dataConnectors/GetDataConnectors.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Gets all data connectors.", - "operationId": "DataConnectors_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnectorList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { - "get": { - "x-ms-examples": { - "Get an Office365 data connector.": { - "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" - }, - "Get a TI data connector.": { - "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" - }, - "Get a MCAS data connector.": { - "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" - }, - "Get a ASC data connector.": { - "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" - }, - "Get an AAD data connector.": { - "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" - }, - "Get an AwsCloudTrail data connector.": { - "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" - }, - "Get an AATP data connector.": { - "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" - }, - "Get a MDATP data connector": { - "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" - }, - "Get a RestApiPoller data connector": { - "$ref": "./examples/dataConnectors/GetRestApiPollerById.json" - }, - "Get a MicrosoftThreatIntelligence data connector": { - "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" - }, - "Get a PremiumMicrosoftDefenderForThreatIntelligence data connector": { - "$ref": "./examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Gets a data connector.", - "operationId": "DataConnectors_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-azure-resource": true, - "x-ms-examples": { - "Creates or updates an Office365 data connector.": { - "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" - }, - "Creates or updates an Threat Intelligence Platform data connector.": { - "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" - }, - "Creates or updates a MicrosoftThreatIntelligence data connector.": { - "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" - }, - "Creates or updates a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { - "$ref": "./examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Creates or updates the data connector.", - "operationId": "DataConnectors_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - }, - { - "$ref": "#/parameters/DataConnector" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/DataConnector" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an Office365 data connector.": { - "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" - }, - "Delete an MicrosoftThreatIntelligence data connector": { - "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" - }, - "Deletes a PremiumMicrosoftDefenderForThreatIntelligence data connector.": { - "$ref": "./examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json" - } - }, - "tags": [ - "Data Connectors" - ], - "description": "Delete the data connector.", - "operationId": "DataConnectors_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/DataConnectorId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "AADDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Microsoft Entra ID data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AADDataConnectorProperties", - "description": "Microsoft Entra ID data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureActiveDirectory" - }, - "AADDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - }, - { - "$ref": "#/definitions/DataConnectorWithAlertsProperties" - } - ], - "description": "Microsoft Entra ID data connector properties.", - "type": "object" - }, - "AATPDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AATPDataConnectorProperties", - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureAdvancedThreatProtection" - }, - "AATPDataConnectorProperties": { - "description": "AATP (Azure Advanced Threat Protection) data connector properties.", - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - }, - { - "$ref": "#/definitions/DataConnectorWithAlertsProperties" - } - ], - "type": "object" - }, - "ASCDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents ASC (Azure Security Center) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/ASCDataConnectorProperties", - "description": "ASC (Azure Security Center) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureSecurityCenter" - }, - "ASCDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorWithAlertsProperties" - } - ], - "description": "ASC (Azure Security Center) data connector properties.", - "properties": { - "subscriptionId": { - "description": "The subscription id to connect to, and get the data from.", - "type": "string" - } - }, - "type": "object" - }, - "AlertsDataTypeOfDataConnector": { - "description": "Alerts data type for data connectors.", - "properties": { - "alerts": { - "$ref": "#/definitions/DataConnectorDataTypeCommon", - "description": "Alerts data type connection.", - "type": "object" - } - }, - "required": [ - "alerts" - ], - "type": "object" - }, - "AwsCloudTrailDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Amazon Web Services CloudTrail data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", - "description": "Amazon Web Services CloudTrail data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" - }, - "AwsCloudTrailDataConnectorDataTypes": { - "description": "The available data types for Amazon Web Services CloudTrail data connector.", - "properties": { - "logs": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Logs data type.", - "type": "object" - } - }, - "required": [ - "logs" - ], - "type": "object" - }, - "AwsCloudTrailDataConnectorProperties": { - "description": "Amazon Web Services CloudTrail data connector properties.", - "properties": { - "awsRoleArn": { - "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", - "type": "string" - }, - "dataTypes": { - "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes" - ], - "type": "object" - }, - "RestApiPollerDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Rest Api Poller data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/RestApiPollerDataConnectorProperties", - "description": "Rest Api Poller data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "RestApiPoller" - }, - "RestApiPollerDataConnectorProperties": { - "description": "Rest Api Poller data connector properties.", - "properties": { - "connectorDefinitionName": { - "description": "The connector definition name (the dataConnectorDefinition resource id).", - "type": "string" - }, - "auth": { - "description": "The a authentication model.", - "$ref": "#/definitions/CcpAuthConfig" - }, - "request": { - "description": "The request configuration.", - "$ref": "#/definitions/RestApiPollerRequestConfig" - }, - "dcrConfig": { - "description": "The DCR related properties.", - "$ref": "#/definitions/DCRConfiguration" - }, - "isActive": { - "description": "Indicates whether the connector is active or not.", - "type": "boolean" - }, - "dataType": { - "description": "The Log Analytics table destination.", - "type": "string" - }, - "response": { - "description": "The response configuration.", - "$ref": "#/definitions/CcpResponseConfig" - }, - "paging": { - "description": "The paging configuration.", - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - }, - "addOnAttributes": { - "description": "The add on attributes. The key name will become attribute name (a column) and the value will become the attribute value in the payload.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "type": "object", - "required": [ - "connectorDefinitionName", - "auth", - "request" - ] - }, - "RestApiPollerRequestConfig": { - "type": "object", - "description": "The request configuration.", - "properties": { - "apiEndpoint": { - "description": "The API endpoint.", - "type": "string" - }, - "rateLimitQPS": { - "description": "The Rate limit queries per second for the request..", - "type": "integer", - "x-nullable": true, - "format": "int32" - }, - "queryWindowInMin": { - "description": "The query window in minutes for the request.", - "type": "integer", - "x-nullable": true, - "format": "int32" - }, - "httpMethod": { - "description": "The HTTP method, default value GET.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "httpMethodVerb" - } - }, - "queryTimeFormat": { - "description": "The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate what is the expected time format the remote server know to parse.", - "example": "UnixTimestamp, UnixTimestampInMills, or more specific formats, for example: yyyy-MM-ddTHH:mm:ssZ", - "type": "string" - }, - "retryCount": { - "description": "The retry count.", - "type": "integer", - "x-nullable": true, - "format": "int32" - }, - "timeoutInSeconds": { - "description": "The timeout in seconds.", - "type": "integer", - "x-nullable": true, - "format": "int32" - }, - "isPostPayloadJson": { - "description": "Flag to indicate if HTTP POST payload is in JSON format (vs form-urlencoded).", - "type": "boolean", - "x-nullable": true - }, - "headers": { - "description": "The header for the request for the remote server.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "queryParameters": { - "description": "The HTTP query parameters to RESTful API.", - "type": "object", - "additionalProperties": {} - }, - "queryParametersTemplate": { - "description": "the query parameters template. Defines the query parameters template to use when passing query parameters in advanced scenarios.", - "type": "string" - }, - "startTimeAttributeName": { - "description": "The query parameter name which the remote server expect to start query. This property goes hand to hand with `endTimeAttributeName`.", - "type": "string" - }, - "endTimeAttributeName": { - "description": "The query parameter name which the remote server expect to end query. This property goes hand to hand with `startTimeAttributeName`", - "type": "string" - }, - "queryTimeIntervalAttributeName": { - "description": "The query parameter name which we need to send the server for query logs in time interval. Should be defined with `queryTimeIntervalPrepend` and `queryTimeIntervalDelimiter`", - "type": "string" - }, - "queryTimeIntervalPrepend": { - "description": "The string prepend to the value of the query parameter in `queryTimeIntervalAttributeName`.", - "type": "string" - }, - "queryTimeIntervalDelimiter": { - "description": "The delimiter string between 2 QueryTimeFormat in the query parameter `queryTimeIntervalAttributeName`.", - "type": "string" - } - }, - "required": [ - "apiEndpoint" - ] - }, - "RestApiPollerRequestPagingKind": { - "type": "string", - "enum": [ - "LinkHeader", - "NextPageToken", - "NextPageUrl", - "PersistentToken", - "PersistentLinkHeader", - "Offset", - "CountBasedPaging" - ], - "description": "Type of paging", - "x-ms-enum": { - "modelAsString": true, - "name": "RestApiPollerRequestPagingKind", - "values": [ - { - "value": "LinkHeader" - }, - { - "value": "NextPageToken" - }, - { - "value": "NextPageUrl" - }, - { - "value": "PersistentToken" - }, - { - "value": "PersistentLinkHeader" - }, - { - "value": "Offset" - }, - { - "value": "CountBasedPaging" - } - ] - } - }, - "RestApiPollerRequestPagingConfig": { - "description": "The request paging configuration.", - "type": "object", - "properties": { - "pagingType": { - "type": "string", - "$ref": "#/definitions/RestApiPollerRequestPagingKind", - "description": "Type of paging" - }, - "pageSize": { - "type": "integer", - "description": "Page size", - "format": "int32" - }, - "pageSizeParameterName": { - "type": "string", - "description": "Page size parameter name" - } - }, - "x-ms-discriminator": { - "propertyName": "pagingType", - "mapping": { - "LinkHeader": "#/components/schemas/RestApiPollerRequestPagingLinkHeaderConfig", - "NextPageToken": "#/components/schemas/RestApiPollerRequestPagingTokenConfig", - "NextPageUrl": "#/components/schemas/RestApiPollerRequestPagingNextPageUrlConfig", - "PersistentToken": "#/components/schemas/RestApiPollerRequestPagingTokenConfig", - "PersistentLinkHeader": "#/components/schemas/RestApiPollerRequestPagingLinkHeaderConfig", - "Offset": "#/components/schemas/RestApiPollerRequestPagingOffsetConfig", - "CountBasedPaging": "#/components/schemas/RestApiPollerRequestPagingCountBaseConfig" - } - }, - "required": [ - "pagingType" - ] - }, - "RestApiPollerRequestPagingLinkHeaderConfig": { - "description": "The request paging configuration for LinkHeader and PersistentLinkHeader paging type parameters.", - "allOf": [ - { - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - } - ], - "type": "object", - "properties": { - "linkHeaderTokenJsonPath": { - "type": "string", - "description": "JSON path of link header token in HTTP response payload" - }, - "linkHeaderRelLinkName": { - "type": "string", - "description": "Rel link name from the link header" - } - } - }, - "RestApiPollerRequestPagingTokenConfig": { - "allOf": [ - { - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - } - ], - "description": "The request paging configuration for NextPageToken and PersistentToken paging type parameters.", - "type": "object", - "properties": { - "nextPageTokenJsonPath": { - "type": "string", - "description": "JSON path of next page token in HTTP response payload" - }, - "hasNextFlagJsonPath": { - "type": "string", - "description": "JSON path of flag in HTTP response payload to indicate more pages" - }, - "nextPageTokenResponseHeader": { - "type": "string", - "description": "HTTP response header name of next page token" - }, - "nextPageParaName": { - "type": "string", - "description": "Next page parameter name in HTTP request" - }, - "nextPageRequestHeader": { - "type": "string", - "description": "Next page header name in the request" - } - } - }, - "RestApiPollerRequestPagingNextPageUrlConfig": { - "allOf": [ - { - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - } - ], - "description": "The request paging configuration for NextPageUrl paging type parameters.", - "type": "object", - "properties": { - "nextPageUrl": { - "type": "string", - "description": "Next page URL" - }, - "nextPageUrlQueryParameters": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Query parameters of next page URL" - }, - "nextPageUrlQueryParametersTemplate": { - "type": "string", - "description": "Paging query parameters in string template format" - }, - "nextPageParaName": { - "type": "string", - "description": "Next page parameter name in HTTP request" - }, - "nextPageRequestHeader": { - "type": "string", - "description": "Next page header name in the request" - }, - "hasNextFlagJsonPath": { - "type": "string", - "description": "JSON path of flag in HTTP response payload to indicate more pages" - } - } - }, - "RestApiPollerRequestPagingOffsetConfig": { - "allOf": [ - { - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - } - ], - "description": "The request paging configuration for Offset paging type parameters.", - "type": "object", - "properties": { - "offsetParaName": { - "type": "string", - "description": "Offset parameter name in HTTP request" - } - } - }, - "RestApiPollerRequestPagingCountBaseConfig": { - "allOf": [ - { - "$ref": "#/definitions/RestApiPollerRequestPagingConfig" - } - ], - "description": "The request paging configuration for Count base paging type parameters.", - "type": "object", - "properties": { - "zeroBasedIndexing": { - "type": "boolean", - "description": "Indicates whether the count is zero based" - }, - "pageCountJsonPath": { - "type": "string", - "description": "JSON path of page count in HTTP response payload" - }, - "pageNumberParaName": { - "type": "string", - "description": "Parameter name of page number in HTTP request" - }, - "pageNumberJsonPath": { - "type": "string", - "description": "JSON path of page number in HTTP response payload" - }, - "totalResultsJsonPath": { - "type": "string", - "description": "JSON path of total number of results in HTTP response payload" - } - } - }, - "DCRConfiguration": { - "description": "The configuration of the destination of the data.", - "properties": { - "dataCollectionEndpoint": { - "description": "Represents the data collection ingestion endpoint in log analytics.", - "type": "string" - }, - "dataCollectionRuleImmutableId": { - "description": "The data collection rule immutable id, the rule defines the transformation and data destination.", - "type": "string" - }, - "streamName": { - "description": "The stream we are sending the data to.", - "type": "string" - } - }, - "type": "object", - "required": [ - "dataCollectionEndpoint", - "dataCollectionRuleImmutableId", - "streamName" - ] - }, - "CcpAuthType": { - "type": "string", - "enum": [ - "Basic", - "APIKey", - "OAuth2", - "AWS", - "GCP", - "Session", - "JwtToken", - "GitHub", - "ServiceBus", - "Oracle", - "None" - ], - "description": "Type of paging", - "x-ms-enum": { - "modelAsString": true, - "name": "CcpAuthType", - "values": [ - { - "value": "Basic" - }, - { - "value": "APIKey" - }, - { - "value": "OAuth2" - }, - { - "value": "AWS" - }, - { - "value": "GCP" - }, - { - "value": "Session" - }, - { - "value": "JwtToken" - }, - { - "value": "GitHub" - }, - { - "value": "ServiceBus" - }, - { - "value": "Oracle" - }, - { - "value": "None" - } - ] - } - }, - "CcpAuthConfig": { - "description": "Base Model for API authentication.", - "properties": { - "type": { - "description": "The auth type", - "$ref": "#/definitions/CcpAuthType", - "type": "string" - } - }, - "type": "object", - "required": [ - "type" - ], - "discriminator": "type" - }, - "ApiKeyAuthModel": { - "description": "Model for authentication with the API Key. Will result in additional header on the request (default behavior) to the remote server: 'ApiKeyName: ApiKeyIdentifier ApiKey'. If 'IsApiKeyInPostPayload' is true it will send it in the body of the request and not the header.", - "example": "ApiKey = placeholderApiKey, ApiKeyName = 'Authorization', ApiKeyIdentifier = 'token', IsApiKeyInPostPayload = false. will result in a new header on the request: 'Authorization: token placeholderApiKey'", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "apiKey": { - "type": "string", - "description": "API Key for the user secret key credential", - "x-secret": true - }, - "apiKeyName": { - "type": "string", - "description": "API Key name" - }, - "apiKeyIdentifier": { - "type": "string", - "description": "API Key Identifier" - }, - "isApiKeyInPostPayload": { - "type": "boolean", - "description": "Flag to indicate if API key is set in HTTP POST payload" - } - }, - "required": [ - "apiKey", - "apiKeyName" - ], - "x-ms-discriminator-value": "APIKey" - }, - "AWSAuthModel": { - "description": "Model for API authentication with AWS.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "roleArn": { - "type": "string", - "description": "AWS STS assume role ARN", - "example": "arn:aws:iam::123456789012:role/your-role-name" - }, - "externalId": { - "type": "string", - "description": "AWS STS assume role external ID. This is used to prevent the confused deputy problem: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html'" - } - }, - "required": [ - "roleArn" - ], - "x-ms-discriminator-value": "AWS" - }, - "BasicAuthModel": { - "description": "Model for API authentication with basic flow - user name + password.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "userName": { - "type": "string", - "description": "The user name." - }, - "password": { - "type": "string", - "description": "The password", - "x-secret": true - } - }, - "required": [ - "userName", - "password" - ], - "x-ms-discriminator-value": "Basic" - }, - "GCPAuthModel": { - "description": "Model for API authentication for all GCP kind connectors.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "serviceAccountEmail": { - "type": "string", - "description": "GCP Service Account Email" - }, - "projectNumber": { - "type": "string", - "description": "GCP Project Number" - }, - "workloadIdentityProviderId": { - "type": "string", - "description": "GCP Workload Identity Provider ID" - } - }, - "required": [ - "serviceAccountEmail", - "projectNumber", - "workloadIdentityProviderId" - ], - "x-ms-discriminator-value": "GCP" - }, - "GenericBlobSbsAuthModel": { - "description": "Model for API authentication for working with service bus or storage account.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "credentialsConfig": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Credentials for service bus namespace, keyvault uri for access key" - }, - "storageAccountCredentialsConfig": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "Credentials for storage account, keyvault uri for access key" - } - }, - "x-ms-discriminator-value": "ServiceBus" - }, - "GitHubAuthModel": { - "description": "Model for API authentication for GitHub. For this authentication first we need to approve the Router app (Microsoft Security DevOps) to access the GitHub account, Then we only need the InstallationId to get the access token from https://api.github.com/app/installations/{installId}/access_tokens.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "properties": { - "installationId": { - "type": "string", - "description": "The GitHubApp auth installation id." - } - }, - "x-ms-discriminator-value": "GitHub" - }, - "NoneAuthModel": { - "description": "Model for API authentication with no authentication method - public API.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "type": "object", - "x-ms-discriminator-value": "None" - }, - "JwtAuthModel": { - "description": "Model for API authentication with JWT. Simple exchange between user name + password to access token.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "properties": { - "tokenEndpoint": { - "type": "string", - "description": "Token endpoint to request JWT" - }, - "userName": { - "description": "The user name. If user name and password sent in header request we only need to populate the `value` property with the user name (Same as basic auth). If user name and password sent in body request we need to specify the `Key` and `Value`.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "password": { - "description": "The password", - "type": "object", - "additionalProperties": { - "type": "string" - }, - "x-secret": true - }, - "queryParameters": { - "description": "The custom query parameter we want to add once we send request to token endpoint.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "headers": { - "description": "The custom headers we want to add once we send request to token endpoint.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "isCredentialsInHeaders": { - "type": "boolean", - "x-nullable": true, - "description": "Flag indicating whether we want to send the user name and password to token endpoint in the headers." - }, - "isJsonRequest": { - "type": "boolean", - "x-nullable": true, - "default": false, - "description": "Flag indicating whether the body request is JSON (header Content-Type = application/json), meaning its a Form URL encoded request (header Content-Type = application/x-www-form-urlencoded)." - }, - "requestTimeoutInSeconds": { - "type": "integer", - "format": "int32", - "default": 100, - "maximum": 180, - "description": "Request timeout in seconds." - } - }, - "type": "object", - "x-ms-discriminator-value": "JwtToken", - "required": [ - "tokenEndpoint", - "userName", - "password" - ] - }, - "OAuthModel": { - "description": "Model for API authentication with OAuth2.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "properties": { - "authorizationCode": { - "type": "string", - "description": "The user's authorization code.", - "x-secret": true - }, - "clientSecret": { - "type": "string", - "description": "The Application (client) secret that the OAuth provider assigned to your app.", - "x-secret": true - }, - "clientId": { - "type": "string", - "description": "The Application (client) ID that the OAuth provider assigned to your app." - }, - "isCredentialsInHeaders": { - "type": "boolean", - "x-nullable": true, - "default": false, - "description": "Indicating whether we want to send the clientId and clientSecret to token endpoint in the headers." - }, - "scope": { - "type": "string", - "description": "The Application (client) Scope that the OAuth provider assigned to your app." - }, - "redirectUri": { - "type": "string", - "format": "uri", - "description": "The Application redirect url that the user config in the OAuth provider." - }, - "grantType": { - "type": "string", - "description": "The grant type, usually will be 'authorization code'." - }, - "tokenEndpoint": { - "type": "string", - "description": "The token endpoint. Defines the OAuth2 refresh token." - }, - "tokenEndpointHeaders": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The token endpoint headers." - }, - "tokenEndpointQueryParameters": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The token endpoint query parameters." - }, - "authorizationEndpoint": { - "type": "string", - "description": "The authorization endpoint." - }, - "authorizationEndpointHeaders": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The authorization endpoint headers." - }, - "authorizationEndpointQueryParameters": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The authorization endpoint query parameters." - }, - "isJwtBearerFlow": { - "type": "boolean", - "description": "A value indicating whether it's a JWT flow." - }, - "accessTokenPrepend": { - "type": "string", - "description": "Access token prepend. Default is 'Bearer'." - } - }, - "required": [ - "clientSecret", - "clientId", - "grantType", - "tokenEndpoint" - ], - "type": "object", - "x-ms-discriminator-value": "OAuth2" - }, - "OracleAuthModel": { - "description": "Model for API authentication for Oracle.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "properties": { - "tenantId": { - "type": "string", - "description": "Oracle tenant ID" - }, - "userId": { - "type": "string", - "description": "Oracle user ID" - }, - "publicFingerprint": { - "type": "string", - "description": "Public Fingerprint" - }, - "pemFile": { - "type": "string", - "description": "Content of the PRM file" - } - }, - "type": "object", - "required": [ - "tenantId", - "userId", - "publicFingerprint", - "pemFile" - ], - "x-ms-discriminator-value": "Oracle" - }, - "SessionAuthModel": { - "description": "Model for API authentication with session cookie.", - "allOf": [ - { - "$ref": "#/definitions/CcpAuthConfig" - } - ], - "properties": { - "userName": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The user name attribute key value." - }, - "password": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "The password attribute name.", - "x-secret": true - }, - "queryParameters": { - "type": "object", - "additionalProperties": {}, - "description": "Query parameters to session service endpoint." - }, - "isPostPayloadJson": { - "type": "boolean", - "x-nullable": true, - "description": "Indicating whether API key is set in HTTP POST payload." - }, - "headers": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "HTTP request headers to session service endpoint." - }, - "sessionTimeoutInMinutes": { - "type": "integer", - "format": "int32", - "x-nullable": true, - "description": "Session timeout in minutes." - }, - "sessionIdName": { - "type": "string", - "description": "Session id attribute name from HTTP response header." - }, - "sessionLoginRequestUri": { - "type": "string", - "description": "HTTP request URL to session service endpoint." - } - }, - "type": "object", - "required": [ - "userName", - "password" - ], - "x-ms-discriminator-value": "Session" - }, - "CcpResponseConfig": { - "description": "A custom response configuration for a rule.", - "properties": { - "eventsJsonPaths": { - "description": "The json paths, '$' char is the json root.", - "example": "'$', '$.someProperty'", - "type": "array", - "items": { - "type": "string" - } - }, - "successStatusJsonPath": { - "description": "The value where the status message/code should appear in the response.", - "type": "string" - }, - "successStatusValue": { - "description": "The status value.", - "type": "string", - "x-nullable": true - }, - "isGzipCompressed": { - "description": "The value indicating whether the remote server support Gzip and we should expect Gzip response.", - "type": "boolean" - }, - "compressionAlgo": { - "description": "The compression algorithm. For Example: 'gzip', 'multi-gzip', 'deflate'.", - "type": "string", - "default": "gzip" - }, - "format": { - "description": "The response format. possible values are json,csv,xml", - "type": "string", - "default": "json" - }, - "csvDelimiter": { - "description": "The csv delimiter, in case the response format is CSV.", - "type": "string" - }, - "hasCsvBoundary": { - "description": "The value indicating whether the response has CSV boundary in case the response in CSV format.", - "type": "boolean", - "x-nullable": true - }, - "hasCsvHeader": { - "description": "The value indicating whether the response has headers in case the response in CSV format.", - "type": "boolean", - "x-nullable": true - }, - "convertChildPropertiesToArray": { - "description": "The value indicating whether the response isn't an array of events / logs. By setting this flag to true it means the remote server will response with an object which each property has as a value an array of events / logs.", - "type": "boolean", - "x-nullable": true - }, - "csvEscape": { - "description": "The character used to escape characters in CSV.", - "type": "string", - "x-nullable": true, - "default": "\"", - "minLength": 1, - "maxLength": 1 - } - }, - "type": "object", - "required": [ - "eventsJsonPaths" - ] - }, - "DataConnector": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Data connector.", - "discriminator": "kind", - "required": [ - "kind" - ], - "properties": { - "kind": { - "$ref": "#/definitions/DataConnectorKind", - "description": "The data connector kind", - "type": "string" - } - }, - "type": "object" - }, - "DataConnectorKind": { - "description": "The kind of the data connector", - "enum": [ - "AzureActiveDirectory", - "AzureSecurityCenter", - "MicrosoftCloudAppSecurity", - "ThreatIntelligence", - "MicrosoftThreatIntelligence", - "PremiumMicrosoftDefenderForThreatIntelligence", - "Office365", - "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", - "MicrosoftDefenderAdvancedThreatProtection", - "RestApiPoller" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DataConnectorKind", - "values": [ - { - "value": "AzureActiveDirectory" - }, - { - "value": "AzureSecurityCenter" - }, - { - "value": "MicrosoftCloudAppSecurity" - }, - { - "value": "ThreatIntelligence" - }, - { - "value": "MicrosoftThreatIntelligence" - }, - { - "value": "PremiumMicrosoftDefenderForThreatIntelligence" - }, - { - "value": "Office365" - }, - { - "value": "AmazonWebServicesCloudTrail" - }, - { - "value": "AzureAdvancedThreatProtection" - }, - { - "value": "MicrosoftDefenderAdvancedThreatProtection" - }, - { - "value": "RestApiPoller" - } - ] - } - }, - "DataConnectorList": { - "description": "List all the data connectors.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of data connectors.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of data connectors.", - "items": { - "$ref": "#/definitions/DataConnector" - }, - "type": "array" - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "DataConnectorDataTypeCommon": { - "description": "Common field for data type in data connectors.", - "properties": { - "state": { - "description": "Describe whether this data type connection is enabled or not.", - "enum": [ - "Enabled", - "Disabled" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DataTypeState" - } - } - }, - "required": [ - "state" - ], - "type": "object" - }, - "DataConnectorTenantId": { - "description": "Properties data connector on tenant level.", - "properties": { - "tenantId": { - "description": "The tenant id to connect to, and get the data from.", - "type": "string" - } - }, - "required": [ - "tenantId" - ], - "type": "object" - }, - "DataConnectorWithAlertsProperties": { - "description": "Data connector properties.", - "properties": { - "dataTypes": { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector", - "description": "The available data types for the connector." - } - }, - "type": "object" - }, - "MCASDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/MCASDataConnectorProperties", - "description": "MCAS (Microsoft Cloud App Security) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" - }, - "MCASDataConnectorDataTypes": { - "allOf": [ - { - "$ref": "#/definitions/AlertsDataTypeOfDataConnector" - } - ], - "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", - "properties": { - "discoveryLogs": { - "$ref": "#/definitions/DataConnectorDataTypeCommon", - "description": "Discovery log data type connection." - } - }, - "type": "object" - }, - "MCASDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "description": "MCAS (Microsoft Cloud App Security) data connector properties.", - "properties": { - "dataTypes": { - "$ref": "#/definitions/MCASDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes" - ], - "type": "object" - }, - "MDATPDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/MDATPDataConnectorProperties", - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" - }, - "MDATPDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - }, - { - "$ref": "#/definitions/DataConnectorWithAlertsProperties" - } - ], - "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", - "type": "object" - }, - "TIDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents threat intelligence data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/TIDataConnectorProperties", - "description": "TI (Threat Intelligence) data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "ThreatIntelligence" - }, - "TIDataConnectorDataTypes": { - "description": "The available data types for TI (Threat Intelligence) data connector.", - "properties": { - "indicators": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Data type for indicators connection.", - "type": "object" - } - }, - "required": [ - "indicators" - ], - "type": "object" - }, - "TIDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "description": "TI (Threat Intelligence) data connector properties.", - "properties": { - "tipLookbackPeriod": { - "description": "The lookback period for the feed to be imported.", - "format": "date-time", - "type": "string", - "x-nullable": true - }, - "dataTypes": { - "$ref": "#/definitions/TIDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes" - ], - "type": "object" - }, - "MSTIDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Microsoft Threat Intelligence data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/MSTIDataConnectorProperties", - "description": "Microsoft Threat Intelligence data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MicrosoftThreatIntelligence" - }, - "MSTIDataConnectorDataTypes": { - "description": "The available data types for Microsoft Threat Intelligence data connector.", - "properties": { - "microsoftEmergingThreatFeed": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "properties": { - "lookbackPeriod": { - "description": "The lookback period for the feed to be imported. The date-time to begin importing the feed from, for example: 2024-01-01T00:00:00.000Z.", - "format": "date-time", - "type": "string" - } - }, - "description": "Data type for Microsoft Threat Intelligence data connector.", - "type": "object", - "required": [ - "lookbackPeriod" - ] - } - }, - "type": "object", - "required": [ - "microsoftEmergingThreatFeed" - ] - }, - "MSTIDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "description": "Microsoft Threat Intelligence data connector properties.", - "properties": { - "dataTypes": { - "$ref": "#/definitions/MSTIDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes" - ], - "type": "object" - }, - "PremiumMicrosoftDefenderForThreatIntelligence": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents Microsoft Defender for Threat Intelligence Premium data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/PremiumMdtiDataConnectorProperties", - "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "PremiumMicrosoftDefenderForThreatIntelligence" - }, - "PremiumMdtiDataConnectorDataTypes": { - "description": "The available data types for Microsoft Defender for Threat Intelligence Premium data connector.", - "properties": { - "connector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Data type for Microsoft Defender for Threat Intelligence Premium data connector.", - "type": "object" - } - }, - "type": "object", - "required": [ - "connector" - ] - }, - "PremiumMdtiDataConnectorProperties": { - "description": "Microsoft Defender for Threat Intelligence Premium data connector properties.", - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "properties": { - "lookbackPeriod": { - "description": "The lookback period for the feed to be imported. The date-time to begin importing the feed from, for example: 2024-01-01T00:00:00.000Z.", - "format": "date-time", - "type": "string" - }, - "requiredSKUsPresent": { - "description": "The flag to indicate whether the tenant has the premium SKU required to access this connector.", - "type": "boolean" - }, - "dataTypes": { - "$ref": "#/definitions/PremiumMdtiDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes", - "lookbackPeriod" - ], - "type": "object" - }, - "OfficeDataConnector": { - "allOf": [ - { - "$ref": "#/definitions/DataConnector" - } - ], - "description": "Represents office data connector.", - "properties": { - "properties": { - "$ref": "#/definitions/OfficeDataConnectorProperties", - "description": "Office data connector properties.", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Office365" - }, - "OfficeDataConnectorDataTypes": { - "description": "The available data types for office data connector.", - "properties": { - "exchange": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Exchange data type connection.", - "type": "object" - }, - "sharePoint": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "SharePoint data type connection.", - "type": "object" - }, - "teams": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDataTypeCommon" - } - ], - "description": "Teams data type connection.", - "type": "object" - } - }, - "required": [ - "exchange", - "sharePoint", - "teams" - ], - "type": "object" - }, - "OfficeDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "description": "Office data connector properties.", - "properties": { - "dataTypes": { - "$ref": "#/definitions/OfficeDataConnectorDataTypes", - "description": "The available data types for the connector." - } - }, - "required": [ - "dataTypes" - ], - "type": "object" - } - }, - "parameters": { - "DataConnector": { - "description": "The data connector", - "in": "body", - "name": "dataConnector", - "required": true, - "schema": { - "$ref": "#/definitions/DataConnector" - }, - "x-ms-parameter-location": "method" - }, - "DataConnectorId": { - "description": "Connector ID", - "in": "path", - "name": "dataConnectorId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Incidents.json deleted file mode 100644 index f015fc2206e6..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Incidents.json +++ /dev/null @@ -1,1677 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { - "get": { - "x-ms-examples": { - "Get all incidents.": { - "$ref": "./examples/incidents/GetIncidents.json" - } - }, - "tags": [ - "Incidents" - ], - "description": "Gets all incidents.", - "operationId": "Incidents_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "in": "query", - "name": "$top", - "description": "Returns only the first n results. Optional.", - "type": "integer", - "format": "int32", - "maximum": 1000, - "x-ms-parameter-location": "method" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/IncidentList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { - "get": { - "x-ms-examples": { - "Get an incident.": { - "$ref": "./examples/incidents/GetIncidentById.json" - } - }, - "tags": [ - "Incidents" - ], - "description": "Gets a given incident.", - "operationId": "Incidents_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Incident" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an incident.": { - "$ref": "./examples/incidents/CreateIncident.json" - } - }, - "tags": [ - "Incidents" - ], - "description": "Creates or updates an incident.", - "operationId": "Incidents_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/Incident" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/Incident" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/Incident" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete an incident.": { - "$ref": "./examples/incidents/DeleteIncident.json" - } - }, - "tags": [ - "Incidents" - ], - "description": "Deletes a given incident.", - "operationId": "Incidents_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { - "post": { - "x-ms-examples": { - "Get all incident alerts.": { - "$ref": "./examples/incidents/GetAllIncidentAlerts.json" - } - }, - "tags": [ - "IncidentAlerts" - ], - "description": "Gets all alerts for an incident.", - "operationId": "Incidents_ListAlerts", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentAlertList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { - "post": { - "x-ms-examples": { - "Get all incident bookmarks.": { - "$ref": "./examples/incidents/GetAllIncidentBookmarks.json" - } - }, - "tags": [ - "IncidentBookmarks" - ], - "description": "Gets all bookmarks for an incident.", - "operationId": "Incidents_ListBookmarks", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentBookmarkList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { - "get": { - "x-ms-examples": { - "Get all incident comments.": { - "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" - } - }, - "tags": [ - "IncidentComments" - ], - "description": "Gets all comments for a given incident.", - "operationId": "IncidentComments_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/IncidentCommentList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-odata": "#/definitions/IncidentComment", - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { - "get": { - "x-ms-examples": { - "Get an incident comment.": { - "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" - } - }, - "tags": [ - "IncidentComments" - ], - "description": "Gets a comment for a given incident.", - "operationId": "IncidentComments_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentCommentId" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/IncidentComment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an incident comment.": { - "$ref": "./examples/incidents/comments/CreateIncidentComment.json" - } - }, - "tags": [ - "IncidentComments" - ], - "description": "Creates or updates a comment for a given incident.", - "operationId": "IncidentComments_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentCommentId" - }, - { - "$ref": "#/parameters/IncidentComment" - } - ], - "responses": { - "200": { - "description": "Updated", - "schema": { - "$ref": "#/definitions/IncidentComment" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/IncidentComment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete the incident comment.": { - "$ref": "./examples/incidents/comments/DeleteIncidentComment.json" - } - }, - "tags": [ - "IncidentComments" - ], - "description": "Deletes a comment for a given incident.", - "operationId": "IncidentComments_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentCommentId" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { - "post": { - "x-ms-examples": { - "Gets all incident related entities": { - "$ref": "./examples/incidents/GetAllIncidentEntities.json" - } - }, - "tags": [ - "IncidentEntities" - ], - "description": "Gets all entities for an incident.", - "operationId": "Incidents_ListEntities", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentEntitiesResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { - "get": { - "x-ms-examples": { - "Get all incident relations.": { - "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" - } - }, - "tags": [ - "IncidentRelations" - ], - "description": "Gets all relations for a given incident.", - "operationId": "IncidentRelations_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/RelationList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-odata": "#/definitions/Relation", - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { - "get": { - "x-ms-examples": { - "Get an incident relation.": { - "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" - } - }, - "tags": [ - "IncidentRelations" - ], - "description": "Gets a relation for a given incident.", - "operationId": "IncidentRelations_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/RelationName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/Relation" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates an incident relation.": { - "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" - } - }, - "tags": [ - "IncidentRelations" - ], - "description": "Creates or updates a relation for a given incident.", - "operationId": "IncidentRelations_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/RelationName" - }, - { - "$ref": "#/parameters/Relation" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/Relation" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/Relation" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete the incident relation.": { - "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" - } - }, - "tags": [ - "IncidentRelations" - ], - "description": "Deletes a relation for a given incident.", - "operationId": "IncidentRelations_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/RelationName" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": { - "get": { - "tags": [ - "IncidentTasks" - ], - "description": "Gets all incident tasks.", - "operationId": "IncidentTasks_List", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentTaskList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - }, - "x-ms-examples": { - "IncidentTasks_List": { - "$ref": "./examples/incidents/tasks/IncidentTasks_List.json" - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": { - "get": { - "tags": [ - "IncidentTasks" - ], - "description": "Gets an incident task.", - "operationId": "IncidentTasks_Get", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentTaskId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentTask" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "IncidentTasks_Get": { - "$ref": "./examples/incidents/tasks/IncidentTasks_Get.json" - } - } - }, - "put": { - "tags": [ - "IncidentTasks" - ], - "description": "Creates or updates the incident task.", - "operationId": "IncidentTasks_CreateOrUpdate", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentTaskId" - }, - { - "$ref": "#/parameters/IncidentTask" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IncidentTask" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/IncidentTask" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "IncidentTasks_CreateOrUpdate": { - "$ref": "./examples/incidents/tasks/IncidentTasks_CreateOrUpdate.json" - } - } - }, - "delete": { - "tags": [ - "IncidentTasks" - ], - "description": "Delete the incident task.", - "operationId": "IncidentTasks_Delete", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/IncidentId" - }, - { - "$ref": "#/parameters/IncidentTaskId" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-examples": { - "IncidentTasks_Delete": { - "$ref": "./examples/incidents/tasks/IncidentTasks_Delete.json" - } - } - } - } - }, - "definitions": { - "Relation": { - "type": "object", - "description": "Represents a relation between two resources", - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "properties": { - "properties": { - "$ref": "#/definitions/RelationProperties", - "description": "Relation properties", - "x-ms-client-flatten": true - } - } - }, - "RelationList": { - "description": "List of relations.", - "properties": { - "nextLink": { - "readOnly": true, - "description": "URL to fetch the next set of relations.", - "type": "string" - }, - "value": { - "description": "Array of relations.", - "type": "array", - "x-ms-identifiers": [], - "items": { - "$ref": "#/definitions/Relation" - } - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "RelationProperties": { - "description": "Relation property bag.", - "properties": { - "relatedResourceId": { - "description": "The resource ID of the related resource", - "type": "string" - }, - "relatedResourceName": { - "description": "The name of the related resource", - "readOnly": true, - "type": "string" - }, - "relatedResourceType": { - "description": "The resource type of the related resource", - "readOnly": true, - "type": "string" - }, - "relatedResourceKind": { - "description": "The resource kind of the related resource", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "relatedResourceId" - ], - "type": "object" - }, - "Incident": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents an incident in Azure Security Insights.", - "properties": { - "properties": { - "$ref": "#/definitions/IncidentProperties", - "description": "Incident properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "IncidentAdditionalData": { - "description": "Incident additional data property bag.", - "properties": { - "alertsCount": { - "description": "The number of alerts in the incident", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "bookmarksCount": { - "description": "The number of bookmarks in the incident", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "commentsCount": { - "description": "The number of comments in the incident", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "alertProductNames": { - "description": "List of product names of alerts in the incident", - "items": { - "description": "Alert product name", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "tactics": { - "description": "The tactics associated with incident", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "providerIncidentUrl": { - "description": "The provider incident url to the incident in Microsoft 365 Defender portal", - "type": "string", - "readOnly": true - } - }, - "type": "object" - }, - "IncidentAlertList": { - "description": "List of incident alerts.", - "properties": { - "value": { - "description": "Array of incident alerts.", - "type": "array", - "x-ms-identifiers": [], - "items": { - "$ref": "./common/EntityTypes.json#/definitions/SecurityAlert" - } - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "IncidentBookmarkList": { - "description": "List of incident bookmarks.", - "properties": { - "value": { - "description": "Array of incident bookmarks.", - "type": "array", - "x-ms-identifiers": [], - "items": { - "$ref": "./common/EntityTypes.json#/definitions/HuntingBookmark" - } - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "IncidentComment": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents an incident comment", - "properties": { - "properties": { - "$ref": "#/definitions/IncidentCommentProperties", - "description": "Incident comment properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "IncidentCommentList": { - "description": "List of incident comments.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of comments.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of comments.", - "items": { - "$ref": "#/definitions/IncidentComment" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "IncidentCommentProperties": { - "description": "Incident comment property bag.", - "properties": { - "createdTimeUtc": { - "description": "The time the comment was created", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "lastModifiedTimeUtc": { - "description": "The time the comment was updated", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "message": { - "description": "The comment message", - "type": "string" - }, - "author": { - "$ref": "./common/2.0/types.json#/definitions/ClientInfo", - "description": "Describes the client that created the comment", - "readOnly": true, - "type": "object" - } - }, - "required": [ - "message" - ], - "type": "object" - }, - "IncidentEntitiesResponse": { - "description": "The incident related entities response.", - "type": "object", - "properties": { - "entities": { - "description": "Array of the incident related entities.", - "type": "array", - "x-ms-identifiers": [], - "items": { - "$ref": "./common/EntityTypes.json#/definitions/Entity" - } - }, - "metaData": { - "description": "The metadata from the incident related entities results.", - "type": "array", - "x-ms-identifiers": [], - "items": { - "$ref": "#/definitions/IncidentEntitiesResultsMetadata" - } - } - } - }, - "IncidentEntitiesResultsMetadata": { - "description": "Information of a specific aggregation in the incident related entities result.", - "properties": { - "count": { - "description": "Total number of aggregations of the given kind in the incident related entities result.", - "type": "integer", - "format": "int32" - }, - "entityKind": { - "$ref": "./common/EntityTypes.json#/definitions/EntityInnerKind", - "description": "The kind of the aggregated entity." - } - }, - "required": [ - "entityKind", - "count" - ], - "type": "object" - }, - "IncidentList": { - "description": "List all the incidents.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of incidents.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of incidents.", - "items": { - "$ref": "#/definitions/Incident" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "IncidentProperties": { - "description": "Describes incident properties", - "properties": { - "additionalData": { - "$ref": "#/definitions/IncidentAdditionalData", - "description": "Additional data on the incident", - "readOnly": true, - "type": "object" - }, - "classification": { - "description": "The reason the incident was closed", - "enum": [ - "Undetermined", - "TruePositive", - "BenignPositive", - "FalsePositive" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentClassification", - "values": [ - { - "description": "Incident classification was undetermined", - "value": "Undetermined" - }, - { - "description": "Incident was true positive", - "value": "TruePositive" - }, - { - "description": "Incident was benign positive", - "value": "BenignPositive" - }, - { - "description": "Incident was false positive", - "value": "FalsePositive" - } - ] - } - }, - "classificationComment": { - "description": "Describes the reason the incident was closed", - "type": "string" - }, - "classificationReason": { - "description": "The classification reason the incident was closed with", - "enum": [ - "SuspiciousActivity", - "SuspiciousButExpected", - "IncorrectAlertLogic", - "InaccurateData" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentClassificationReason", - "values": [ - { - "description": "Classification reason was suspicious activity", - "value": "SuspiciousActivity" - }, - { - "description": "Classification reason was suspicious but expected", - "value": "SuspiciousButExpected" - }, - { - "description": "Classification reason was incorrect alert logic", - "value": "IncorrectAlertLogic" - }, - { - "description": "Classification reason was inaccurate data", - "value": "InaccurateData" - } - ] - } - }, - "createdTimeUtc": { - "description": "The time the incident was created", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "description": { - "description": "The description of the incident", - "type": "string" - }, - "firstActivityTimeUtc": { - "description": "The time of the first activity in the incident", - "format": "date-time", - "type": "string" - }, - "incidentUrl": { - "description": "The deep-link url to the incident in Azure portal", - "readOnly": true, - "type": "string" - }, - "providerName": { - "description": "The name of the source provider that generated the incident", - "type": "string", - "readOnly": true - }, - "providerIncidentId": { - "description": "The incident ID assigned by the incident provider", - "type": "string", - "readOnly": true - }, - "incidentNumber": { - "description": "A sequential number", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "labels": { - "description": "List of labels relevant to this incident", - "items": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "lastActivityTimeUtc": { - "description": "The time of the last activity in the incident", - "format": "date-time", - "type": "string" - }, - "lastModifiedTimeUtc": { - "description": "The last time the incident was updated", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "owner": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo", - "description": "Describes a user that the incident is assigned to", - "type": "object" - }, - "relatedAnalyticRuleIds": { - "description": "List of resource ids of Analytic rules related to the incident", - "items": { - "description": "Related Analytic rule resource id", - "type": "string", - "format": "arm-id", - "x-ms-arm-id-details": { - "allowedResources": [ - { - "scopes": [ - "Extension" - ], - "type": "Microsoft.SecurityInsights/alertRules" - } - ] - } - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "severity": { - "description": "The severity of the incident", - "type": "string", - "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" - }, - "status": { - "description": "The status of the incident", - "enum": [ - "New", - "Active", - "Closed" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentStatus", - "values": [ - { - "description": "An active incident which isn't being handled currently", - "value": "New" - }, - { - "description": "An active incident which is being handled", - "value": "Active" - }, - { - "description": "A non-active incident", - "value": "Closed" - } - ] - } - }, - "title": { - "description": "The title of the incident", - "type": "string" - } - }, - "required": [ - "title", - "severity", - "status" - ], - "type": "object" - }, - "IncidentTask": { - "description": "Describes incident task properties", - "required": [ - "properties" - ], - "type": "object", - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "properties": { - "properties": { - "type": "object", - "$ref": "#/definitions/IncidentTaskProperties", - "x-ms-client-flatten": true - } - } - }, - "IncidentTaskList": { - "description": "List of incident tasks", - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/IncidentTask" - } - }, - "nextLink": { - "type": "string" - } - } - }, - "IncidentTaskProperties": { - "description": "Describes the properties of an incident task", - "required": [ - "status", - "title" - ], - "type": "object", - "properties": { - "title": { - "description": "The title of the task", - "type": "string" - }, - "description": { - "description": "The description of the task", - "type": "string" - }, - "status": { - "$ref": "#/definitions/IncidentTaskStatus" - }, - "createdTimeUtc": { - "format": "date-time", - "description": "The time the task was created", - "type": "string", - "readOnly": true - }, - "lastModifiedTimeUtc": { - "format": "date-time", - "description": "The last time the task was updated", - "type": "string", - "readOnly": true - }, - "createdBy": { - "$ref": "./common/2.0/types.json#/definitions/ClientInfo" - }, - "lastModifiedBy": { - "$ref": "./common/2.0/types.json#/definitions/ClientInfo" - } - } - }, - "IncidentTaskStatus": { - "description": "The status of the task", - "enum": [ - "New", - "Completed" - ], - "type": "string", - "x-ms-enum": { - "name": "IncidentTaskStatus", - "modelAsString": true, - "values": [ - { - "value": "New", - "description": "A new task" - }, - { - "value": "Completed", - "description": "A completed task" - } - ] - } - } - }, - "parameters": { - "Incident": { - "description": "The incident", - "in": "body", - "name": "incident", - "required": true, - "schema": { - "$ref": "#/definitions/Incident" - }, - "x-ms-parameter-location": "method" - }, - "IncidentComment": { - "description": "The incident comment", - "in": "body", - "name": "incidentComment", - "required": true, - "schema": { - "$ref": "#/definitions/IncidentComment" - }, - "x-ms-parameter-location": "method" - }, - "IncidentCommentId": { - "description": "Incident comment ID", - "in": "path", - "name": "incidentCommentId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "IncidentId": { - "description": "Incident ID", - "in": "path", - "name": "incidentId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "Relation": { - "name": "relation", - "in": "body", - "description": "The relation model", - "required": true, - "schema": { - "$ref": "#/definitions/Relation" - }, - "x-ms-parameter-location": "method" - }, - "RelationName": { - "name": "relationName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[a-zA-Z0-9-]{3,63}$", - "minLength": 3, - "maxLength": 63, - "description": "Relation Name", - "x-ms-parameter-location": "method" - }, - "IncidentTask": { - "name": "incidentTask", - "description": "The incident task", - "required": true, - "in": "body", - "x-ms-parameter-location": "method", - "schema": { - "$ref": "#/definitions/IncidentTask" - } - }, - "IncidentTaskId": { - "in": "path", - "name": "incidentTaskId", - "description": "Incident task ID", - "required": true, - "x-ms-parameter-location": "method", - "type": "string" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Metadata.json deleted file mode 100644 index 8ad2dd0de4a6..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Metadata.json +++ /dev/null @@ -1,774 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { - "get": { - "x-ms-examples": { - "Get all metadata.": { - "$ref": "./examples/metadata/GetAllMetadata.json" - }, - "Get all metadata with OData filter/orderby/skip/top": { - "$ref": "./examples/metadata/GetAllMetadataOData.json" - } - }, - "tags": [ - "Metadata" - ], - "description": "List of all metadata", - "operationId": "Metadata_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkip" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/MetadataList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { - "get": { - "x-ms-examples": { - "Get single metadata by name": { - "$ref": "./examples/metadata/GetMetadata.json" - } - }, - "tags": [ - "Metadata" - ], - "description": "Get a Metadata.", - "operationId": "Metadata_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/MetadataName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/MetadataModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete metadata.": { - "$ref": "./examples/metadata/DeleteMetadata.json" - } - }, - "tags": [ - "Metadata" - ], - "description": "Delete a Metadata.", - "operationId": "Metadata_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/MetadataName" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Create/update full metadata.": { - "$ref": "./examples/metadata/PutMetadata.json" - }, - "Create/update minimal metadata.": { - "$ref": "./examples/metadata/PutMetadataMinimal.json" - } - }, - "tags": [ - "Metadata" - ], - "description": "Create a Metadata.", - "operationId": "Metadata_Create", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/MetadataName" - }, - { - "$ref": "#/parameters/Metadata" - } - ], - "responses": { - "200": { - "description": "OK, Operation successfully completed", - "schema": { - "$ref": "#/definitions/MetadataModel" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/MetadataModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "patch": { - "x-ms-examples": { - "Update metadata.": { - "$ref": "./examples/metadata/PatchMetadata.json" - } - }, - "tags": [ - "Metadata" - ], - "description": "Update an existing Metadata.", - "operationId": "Metadata_Update", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/MetadataName" - }, - { - "$ref": "#/parameters/MetadataPatch" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/MetadataModel" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "MetadataList": { - "description": "List of all the metadata.", - "type": "object", - "properties": { - "value": { - "description": "Array of metadata.", - "items": { - "$ref": "#/definitions/MetadataModel" - }, - "type": "array" - }, - "nextLink": { - "description": "URL to fetch the next page of metadata.", - "readOnly": true, - "type": "string" - } - }, - "required": [ - "value" - ] - }, - "MetadataModel": { - "type": "object", - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Metadata resource definition.", - "properties": { - "properties": { - "$ref": "#/definitions/metadataProperties", - "description": "Metadata properties", - "x-ms-client-flatten": true - } - } - }, - "metadataPatch": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Metadata patch request body.", - "type": "object", - "properties": { - "properties": { - "$ref": "#/definitions/metadataPropertiesPatch", - "description": "Metadata patch request body", - "x-ms-client-flatten": true - } - } - }, - "metadataContentId": { - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId.", - "type": "string" - }, - "metadataParentId": { - "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", - "type": "string" - }, - "metadataVersion": { - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", - "type": "string" - }, - "metadataKind": { - "type": "string", - "description": "The kind of content the metadata is for." - }, - "metadataSource": { - "description": "The original source of the content item, where it comes from.", - "type": "object", - "required": [ - "kind" - ], - "properties": { - "kind": { - "description": "Source type of the content", - "type": "string", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "sourceKind", - "values": [ - { - "value": "LocalWorkspace" - }, - { - "value": "Community" - }, - { - "value": "Solution" - }, - { - "value": "SourceRepository" - } - ] - } - }, - "name": { - "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", - "type": "string" - }, - "sourceId": { - "description": "ID of the content source. The solution ID, workspace ID, etc", - "type": "string" - } - } - }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "description": "Name of the author. Company or person.", - "type": "string" - }, - "email": { - "description": "Email of author contact", - "type": "string" - }, - "link": { - "description": "Link for author/vendor page", - "type": "string" - } - } - }, - "metadataSupport": { - "type": "object", - "description": "Support information for the content item.", - "required": [ - "tier" - ], - "properties": { - "tier": { - "description": "Type of support for content item", - "type": "string", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "supportTier", - "values": [ - { - "value": "Microsoft" - }, - { - "value": "Partner" - }, - { - "value": "Community" - } - ] - } - }, - "name": { - "description": "Name of the support contact. Company or person.", - "type": "string" - }, - "email": { - "description": "Email of support contact", - "type": "string" - }, - "link": { - "description": "Link for support help, like to support page to open a ticket etc.", - "type": "string" - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "description": "domain for the solution content item", - "type": "array", - "example": [ - "str1", - "str2", - "str3" - ], - "items": { - "type": "string" - } - }, - "verticals": { - "description": "Industry verticals for the solution content item", - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "str1", - "str2", - "str3" - ] - } - } - }, - "metadataProviders": { - "description": "Providers for the solution content item", - "type": "array", - "example": [ - "str1", - "str2", - "str3" - ], - "items": { - "type": "string" - } - }, - "firstPublishDate": { - "description": "first publish date of solution content item", - "type": "string", - "format": "date" - }, - "lastPublishDate": { - "description": "last publish date of solution content item", - "type": "string", - "format": "date" - }, - "metadataCustomVersion": { - "description": "The custom version of the content. A optional free text", - "type": "string" - }, - "metadataContentSchemaVersion": { - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", - "type": "string" - }, - "metadataIcon": { - "description": "the icon identifier. this id can later be fetched from the solution template", - "type": "string" - }, - "metadataThreatAnalysisTactics": { - "description": "the tactics the resource covers", - "type": "array", - "example": [ - "reconnaissance", - "exfiltration" - ], - "items": { - "type": "string" - } - }, - "metadataThreatAnalysisTechniques": { - "description": "the techniques the resource covers, these have to be aligned with the tactics being used", - "type": "array", - "example": [ - "T1548", - "T1548.001", - "T1134.003" - ], - "items": { - "type": "string" - } - }, - "metadataPreviewImages": { - "description": "preview image file names. These will be taken from the solution artifacts", - "type": "array", - "example": [ - "example.png", - "example2.jpeg" - ], - "items": { - "type": "string" - } - }, - "metadataPreviewImagesDark": { - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", - "type": "array", - "example": [ - "example.png", - "example2.jpeg" - ], - "items": { - "type": "string" - } - }, - "metadataProperties": { - "description": "Metadata property bag.", - "required": [ - "parentId", - "kind" - ], - "type": "object", - "properties": { - "contentId": { - "$ref": "#/definitions/metadataContentId", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "parentId": { - "$ref": "#/definitions/metadataParentId", - "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" - }, - "version": { - "$ref": "#/definitions/metadataVersion", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "kind": { - "$ref": "#/definitions/metadataKind", - "description": "The kind of content the metadata is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "author": { - "$ref": "#/definitions/metadataAuthor", - "description": "The creator of the content item." - }, - "support": { - "$ref": "#/definitions/metadataSupport", - "description": "Support information for the metadata - type, name, contact information" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "categories": { - "$ref": "#/definitions/metadataCategories", - "description": "Categories for the solution content item" - }, - "providers": { - "$ref": "#/definitions/metadataProviders", - "description": "Providers for the solution content item" - }, - "firstPublishDate": { - "$ref": "#/definitions/firstPublishDate", - "description": "first publish date solution content item" - }, - "lastPublishDate": { - "$ref": "#/definitions/lastPublishDate", - "description": "last publish date for the solution content item" - }, - "customVersion": { - "$ref": "#/definitions/metadataCustomVersion", - "description": "The custom version of the content. A optional free text" - }, - "contentSchemaVersion": { - "$ref": "#/definitions/metadataContentSchemaVersion", - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" - }, - "icon": { - "$ref": "#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the solution template" - }, - "threatAnalysisTactics": { - "$ref": "#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "previewImages": { - "$ref": "#/definitions/metadataPreviewImages", - "description": "preview image file names. These will be taken from the solution artifacts" - }, - "previewImagesDark": { - "$ref": "#/definitions/metadataPreviewImagesDark", - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" - } - } - }, - "metadataPropertiesPatch": { - "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", - "type": "object", - "properties": { - "contentId": { - "$ref": "#/definitions/metadataContentId", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "parentId": { - "$ref": "#/definitions/metadataParentId", - "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" - }, - "version": { - "$ref": "#/definitions/metadataVersion", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "kind": { - "$ref": "#/definitions/metadataKind", - "description": "The kind of content the metadata is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "author": { - "$ref": "#/definitions/metadataAuthor", - "description": "The creator of the content item." - }, - "support": { - "$ref": "#/definitions/metadataSupport", - "description": "Support information for the metadata - type, name, contact information" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "categories": { - "$ref": "#/definitions/metadataCategories", - "description": "Categories for the solution content item" - }, - "providers": { - "$ref": "#/definitions/metadataProviders", - "description": "Providers for the solution content item" - }, - "firstPublishDate": { - "$ref": "#/definitions/firstPublishDate", - "description": "first publish date solution content item" - }, - "lastPublishDate": { - "$ref": "#/definitions/lastPublishDate", - "description": "last publish date for the solution content item" - }, - "customVersion": { - "$ref": "#/definitions/metadataCustomVersion", - "description": "The custom version of the content. A optional free text" - }, - "contentSchemaVersion": { - "$ref": "#/definitions/metadataContentSchemaVersion", - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" - }, - "icon": { - "$ref": "#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the solution template" - }, - "threatAnalysisTactics": { - "$ref": "#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "previewImages": { - "$ref": "#/definitions/metadataPreviewImages", - "description": "preview image file names. These will be taken from the solution artifacts" - }, - "previewImagesDark": { - "$ref": "#/definitions/metadataPreviewImagesDark", - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" - } - } - } - }, - "parameters": { - "Metadata": { - "description": "Metadata resource.", - "in": "body", - "name": "metadata", - "required": true, - "schema": { - "$ref": "#/definitions/MetadataModel" - }, - "x-ms-parameter-location": "method" - }, - "MetadataPatch": { - "description": "Partial metadata request.", - "in": "body", - "name": "metadataPatch", - "required": true, - "schema": { - "$ref": "#/definitions/metadataPatch" - }, - "x-ms-parameter-location": "method" - }, - "MetadataName": { - "description": "The Metadata name.", - "in": "path", - "name": "metadataName", - "required": true, - "pattern": "^\\S+$", - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/OnboardingStates.json deleted file mode 100644 index aa15fb8a5ab9..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/OnboardingStates.json +++ /dev/null @@ -1,284 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { - "get": { - "x-ms-examples": { - "Get Sentinel onboarding state": { - "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" - } - }, - "tags": [ - "SentinelOnboardingStates" - ], - "description": "Get Sentinel onboarding state", - "operationId": "SentinelOnboardingStates_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SentinelOnboardingStateName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SentinelOnboardingState" - } - }, - "default": { - "description": "Error in getting the Sentinel onboarding state", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Create Sentinel onboarding state": { - "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" - } - }, - "tags": [ - "SentinelOnboardingStates" - ], - "description": "Create Sentinel onboarding state", - "operationId": "SentinelOnboardingStates_Create", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SentinelOnboardingStateName" - }, - { - "$ref": "#/parameters/SentinelOnboardingStateParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SentinelOnboardingState" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/SentinelOnboardingState" - } - }, - "default": { - "description": "Error in creating the Sentinel onboarding state", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete Sentinel onboarding state": { - "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" - } - }, - "tags": [ - "SentinelOnboardingStates" - ], - "description": "Delete Sentinel onboarding state", - "operationId": "SentinelOnboardingStates_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SentinelOnboardingStateName" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error in deleting the Sentinel onboarding state", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { - "get": { - "x-ms-examples": { - "Get all Sentinel onboarding states": { - "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" - } - }, - "tags": [ - "SentinelOnboardingStates" - ], - "description": "Gets all Sentinel onboarding states", - "operationId": "SentinelOnboardingStates_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SentinelOnboardingStatesList" - } - }, - "default": { - "description": "Error in listing the Sentinel onboarding states", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "SentinelOnboardingStateProperties": { - "description": "The Sentinel onboarding state properties", - "type": "object", - "properties": { - "customerManagedKey": { - "description": "Flag that indicates the status of the CMK setting", - "type": "boolean" - } - } - }, - "SentinelOnboardingState": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Sentinel onboarding state", - "properties": { - "properties": { - "$ref": "#/definitions/SentinelOnboardingStateProperties", - "description": "The Sentinel onboarding state object", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "SentinelOnboardingStatesList": { - "description": "List of the Sentinel onboarding states", - "properties": { - "value": { - "description": "Array of Sentinel onboarding states", - "items": { - "$ref": "#/definitions/SentinelOnboardingState" - }, - "type": "array" - } - }, - "type": "object", - "required": [ - "value" - ] - } - }, - "parameters": { - "SentinelOnboardingStateName": { - "description": "The Sentinel onboarding state name. Supports - default", - "in": "path", - "name": "sentinelOnboardingStateName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SentinelOnboardingStateParameter": { - "description": "The Sentinel onboarding state parameter", - "in": "body", - "name": "sentinelOnboardingStateParameter", - "required": false, - "schema": { - "$ref": "#/definitions/SentinelOnboardingState" - }, - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SecurityMLAnalyticsSettings.json deleted file mode 100644 index 9acbbde8c845..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SecurityMLAnalyticsSettings.json +++ /dev/null @@ -1,444 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { - "get": { - "x-ms-examples": { - "Get all Security ML Analytics Settings.": { - "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" - } - }, - "tags": [ - "Security ML Analytics Settings" - ], - "description": "Gets all Security ML Analytics Settings.", - "operationId": "SecurityMLAnalyticsSettings_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { - "get": { - "x-ms-examples": { - "Get a Anomaly Security ML Analytics Settings.": { - "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" - } - }, - "tags": [ - "Security ML Analytics Settings" - ], - "description": "Gets the Security ML Analytics Settings.", - "operationId": "SecurityMLAnalyticsSettings_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SettingsResourceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a Anomaly Security ML Analytics Settings.": { - "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" - } - }, - "tags": [ - "Security ML Analytics Settings" - ], - "description": "Creates or updates the Security ML Analytics Settings.", - "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SettingsResourceName" - }, - { - "$ref": "#/parameters/SecurityMLAnalyticsSetting" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a Security ML Analytics Settings.": { - "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" - } - }, - "tags": [ - "Security ML Analytics Settings" - ], - "description": "Delete the Security ML Analytics Settings.", - "operationId": "SecurityMLAnalyticsSettings_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SettingsResourceName" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "parameters": { - "SecurityMLAnalyticsSetting": { - "description": "The security ML Analytics setting", - "in": "body", - "name": "securityMLAnalyticsSetting", - "required": true, - "schema": { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - }, - "x-ms-parameter-location": "method" - }, - "SettingsResourceName": { - "description": "Security ML Analytics Settings resource name", - "in": "path", - "name": "settingsResourceName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - }, - "definitions": { - "SecurityMLAnalyticsSetting": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Security ML Analytics Setting", - "properties": { - "kind": { - "$ref": "#/definitions/SecurityMLAnalyticsSettingsKindEnum", - "description": "The kind of security ML Analytics Settings" - } - }, - "discriminator": "kind", - "type": "object", - "required": [ - "kind" - ] - }, - "SecurityMLAnalyticsSettingsKindEnum": { - "description": "The kind of security ML analytics settings", - "enum": [ - "Anomaly" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "SecurityMLAnalyticsSettingsKind", - "values": [ - { - "value": "Anomaly" - } - ] - } - }, - "SecurityMLAnalyticsSettingsList": { - "description": "List all the SecurityMLAnalyticsSettings", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of SecurityMLAnalyticsSettings.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of SecurityMLAnalyticsSettings", - "items": { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - }, - "type": "array" - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "AnomalySecurityMLAnalyticsSettings": { - "allOf": [ - { - "$ref": "#/definitions/SecurityMLAnalyticsSetting" - } - ], - "description": "Represents Anomaly Security ML Analytics Settings", - "properties": { - "properties": { - "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", - "description": "Anomaly Security ML Analytics Settings properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Anomaly" - }, - "AnomalySecurityMLAnalyticsSettingsProperties": { - "description": "AnomalySecurityMLAnalytics settings base property bag.", - "properties": { - "description": { - "description": "The description of the SecurityMLAnalyticsSettings.", - "type": "string" - }, - "displayName": { - "description": "The display name for settings created by this SecurityMLAnalyticsSettings.", - "type": "string" - }, - "enabled": { - "description": "Determines whether this settings is enabled or disabled.", - "type": "boolean" - }, - "lastModifiedUtc": { - "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "requiredDataConnectors": { - "description": "The required data sources for this SecurityMLAnalyticsSettings", - "items": { - "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" - }, - "x-ms-identifiers": [ - "connectorId" - ], - "type": "array" - }, - "tactics": { - "description": "The tactics of the SecurityMLAnalyticsSettings", - "items": { - "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" - }, - "type": "array" - }, - "techniques": { - "description": "The techniques of the SecurityMLAnalyticsSettings", - "items": { - "type": "string" - }, - "type": "array" - }, - "anomalyVersion": { - "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings.", - "type": "string" - }, - "customizableObservations": { - "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings.", - "type": "object" - }, - "frequency": { - "description": "The frequency that this SecurityMLAnalyticsSettings will be run.", - "format": "duration", - "type": "string" - }, - "settingsStatus": { - "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsStatus", - "description": "The anomaly SecurityMLAnalyticsSettings status" - }, - "isDefaultSettings": { - "description": "Determines whether this anomaly security ml analytics settings is a default settings", - "type": "boolean" - }, - "anomalySettingsVersion": { - "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.", - "type": "integer", - "format": "int32" - }, - "settingsDefinitionId": { - "description": "The anomaly settings definition Id", - "format": "uuid", - "type": "string" - } - }, - "required": [ - "displayName", - "enabled", - "anomalyVersion", - "frequency", - "settingsStatus", - "isDefaultSettings" - ], - "type": "object" - }, - "SecurityMLAnalyticsSettingsDataSource": { - "description": "security ml analytics settings data sources", - "properties": { - "connectorId": { - "description": "The connector id that provides the following data types", - "type": "string" - }, - "dataTypes": { - "description": "The data types used by the security ml analytics settings", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "AnomalySecurityMLAnalyticsSettingsStatus": { - "description": "The anomaly SecurityMLAnalyticsSettings status", - "enum": [ - "Production", - "Flighting" - ], - "type": "string", - "x-ms-enum": { - "name": "SettingsStatus", - "modelAsString": true, - "values": [ - { - "description": "Anomaly settings status in Production mode", - "value": "Production" - }, - { - "description": "Anomaly settings status in Flighting mode", - "value": "Flighting" - } - ] - } - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SourceControls.json deleted file mode 100644 index c2360cd10f1d..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/SourceControls.json +++ /dev/null @@ -1,1041 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { - "post": { - "x-ms-examples": { - "Get repository list.": { - "$ref": "./examples/repositories/GetRepositories.json" - } - }, - "tags": [ - "Repositories" - ], - "description": "Gets a list of repositories metadata.", - "operationId": "SourceControl_listRepositories", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RepositoryAccess" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/RepoList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { - "get": { - "x-ms-examples": { - "Get all source controls.": { - "$ref": "./examples/sourcecontrols/GetSourceControls.json" - } - }, - "tags": [ - "SourceControls" - ], - "description": "Gets all source controls, without source control items.", - "operationId": "SourceControls_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SourceControlList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { - "get": { - "x-ms-examples": { - "Get a source control.": { - "$ref": "./examples/sourcecontrols/GetSourceControlById.json" - } - }, - "tags": [ - "SourceControls" - ], - "description": "Gets a source control byt its identifier.", - "operationId": "SourceControls_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SourceControlIdParameter" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/SourceControl" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a source control.": { - "$ref": "./examples/sourcecontrols/CreateSourceControl.json" - } - }, - "tags": [ - "SourceControls" - ], - "description": "Creates a source control.", - "operationId": "SourceControls_Create", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SourceControlIdParameter" - }, - { - "$ref": "#/parameters/SourceControl" - } - ], - "responses": { - "200": { - "description": "Updated", - "schema": { - "$ref": "#/definitions/SourceControl" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/SourceControl" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { - "post": { - "x-ms-examples": { - "Delete a source control.": { - "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" - } - }, - "tags": [ - "SourceControls" - ], - "description": "Delete a source control.", - "operationId": "SourceControls_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/SourceControlIdParameter" - }, - { - "$ref": "#/parameters/RepositoryAccess" - } - ], - "responses": { - "200": { - "description": "Source control deleted.", - "schema": { - "$ref": "#/definitions/Warning" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "RepoList": { - "description": "List all the source controls.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of repositories.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of repositories.", - "items": { - "$ref": "#/definitions/Repo" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "required": [ - "value" - ], - "type": "object" - }, - "Repo": { - "description": "Represents a repository.", - "properties": { - "url": { - "description": "The url to access the repository.", - "type": "string" - }, - "fullName": { - "description": "The name of the repository.", - "type": "string" - }, - "installationId": { - "description": "The installation id of the repository.", - "type": "integer", - "format": "int64" - }, - "branches": { - "description": "Array of branches.", - "items": { - "description": "name of branch.", - "type": "string" - }, - "type": "array" - } - }, - "x-ms-azure-resource": false, - "type": "object" - }, - "SourceControlList": { - "description": "List all the source controls.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of source controls.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of source controls.", - "items": { - "$ref": "#/definitions/SourceControl" - }, - "type": "array" - } - }, - "required": [ - "value" - ], - "type": "object" - }, - "SourceControl": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a SourceControl in Azure Security Insights.", - "required": [ - "properties" - ], - "properties": { - "properties": { - "description": "source control properties", - "$ref": "#/definitions/SourceControlProperties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "SourceControlProperties": { - "description": "Describes source control properties", - "properties": { - "id": { - "description": "The id (a Guid) of the source control", - "type": "string", - "readOnly": true - }, - "version": { - "$ref": "#/definitions/Version", - "description": "The version number associated with the source control", - "type": "string" - }, - "displayName": { - "description": "The display name of the source control", - "type": "string" - }, - "description": { - "description": "A description of the source control", - "type": "string" - }, - "repoType": { - "$ref": "#/definitions/RepoType", - "description": "The repository type of the source control", - "type": "string" - }, - "contentTypes": { - "description": "Array of source control content types.", - "items": { - "$ref": "#/definitions/ContentType" - }, - "type": "array" - }, - "repository": { - "description": "Repository metadata.", - "$ref": "#/definitions/Repository" - }, - "servicePrincipal": { - "description": "Service principal metadata.", - "$ref": "#/definitions/ServicePrincipal" - }, - "workloadIdentityFederation": { - "description": "Workload Identity metadata.", - "$ref": "#/definitions/WorkloadIdentityFederation", - "readOnly": true - }, - "repositoryAccess": { - "description": "Repository access credentials. This is write-only object and it never returns back to a user.", - "x-ms-mutability": [ - "create", - "update" - ], - "$ref": "#/definitions/RepositoryAccess" - }, - "repositoryResourceInfo": { - "description": "Information regarding the resources created in user's repository.", - "$ref": "#/definitions/RepositoryResourceInfo" - }, - "lastDeploymentInfo": { - "description": "Information regarding the latest deployment for the source control.", - "$ref": "#/definitions/DeploymentInfo" - }, - "pullRequest": { - "description": "Information regarding the pull request of the source control.", - "$ref": "#/definitions/PullRequest" - } - }, - "required": [ - "displayName", - "repoType", - "contentTypes", - "repository" - ], - "type": "object" - }, - "RepositoryAccess": { - "type": "object", - "description": "Credentials to access repository.", - "required": [ - "kind" - ], - "properties": { - "kind": { - "description": "The kind of repository access credentials", - "$ref": "#/definitions/RepositoryAccessKind" - }, - "code": { - "x-ms-secret": true, - "type": "string", - "description": "OAuth Code. Required when `kind` is `OAuth`" - }, - "state": { - "x-ms-secret": true, - "type": "string", - "description": "OAuth State. Required when `kind` is `OAuth`" - }, - "clientId": { - "type": "string", - "description": "OAuth ClientId. Required when `kind` is `OAuth`" - }, - "token": { - "x-ms-secret": true, - "type": "string", - "description": "Personal Access Token. Required when `kind` is `PAT`" - }, - "installationId": { - "type": "string", - "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." - } - } - }, - "RepositoryAccessObject": { - "description": "Credentials to access repository.", - "type": "object", - "required": [ - "repositoryAccess" - ], - "properties": { - "repositoryAccess": { - "description": "RepositoryAccess properties", - "$ref": "#/definitions/RepositoryAccess", - "x-ms-client-flatten": true - } - } - }, - "RepositoryAccessProperties": { - "description": "Credentials to access repository.", - "type": "object", - "required": [ - "properties" - ], - "properties": { - "properties": { - "description": "RepositoryAccess properties", - "$ref": "#/definitions/RepositoryAccessObject", - "x-ms-client-flatten": true - } - } - }, - "Repository": { - "type": "object", - "required": [ - "url", - "branch" - ], - "description": "metadata of a repository.", - "properties": { - "url": { - "description": "Url of repository.", - "type": "string" - }, - "branch": { - "description": "Branch name of repository.", - "type": "string" - }, - "displayUrl": { - "description": "Display url of repository.", - "type": "string" - }, - "deploymentLogsUrl": { - "description": "Url to access repository action logs.", - "type": "string", - "readOnly": true - } - } - }, - "ServicePrincipal": { - "type": "object", - "description": "Service principal metadata.", - "properties": { - "id": { - "description": "Id of service principal.", - "type": "string", - "readOnly": true - }, - "tenantId": { - "description": "Tenant id of service principal.", - "type": "string", - "readOnly": true - }, - "appId": { - "description": "App id of service principal.", - "type": "string", - "readOnly": true - }, - "credentialsExpireOn": { - "format": "date-time", - "description": "Expiration time of service principal credentials.", - "type": "string" - } - } - }, - "WorkloadIdentityFederation": { - "type": "object", - "description": "Workload Identity Federation metadata.", - "properties": { - "id": { - "description": "Id of Workload Identity Federation.", - "type": "string", - "readOnly": true - }, - "tenantId": { - "description": "Tenant id of Workload Identity Federation.", - "type": "string", - "readOnly": true - }, - "appId": { - "description": "App id of Workload Identity Federation.", - "type": "string", - "readOnly": true - }, - "subject": { - "description": "Subject of Workload Identity Federation.", - "type": "string", - "readOnly": true - }, - "issuer": { - "description": "Issuer of Workload Identity Federation.", - "type": "string", - "readOnly": true - } - } - }, - "RepositoryResourceInfo": { - "type": "object", - "description": "Resources created in user's repository for the source-control.", - "properties": { - "webhook": { - "type": "object", - "description": "The webhook object created for the source-control.", - "$ref": "#/definitions/Webhook" - }, - "gitHubResourceInfo": { - "type": "object", - "description": "Resources created in GitHub for this source-control.", - "$ref": "#/definitions/GitHubResourceInfo" - }, - "azureDevOpsResourceInfo": { - "type": "object", - "description": "Resources created in Azure DevOps for this source-control.", - "$ref": "#/definitions/AzureDevOpsResourceInfo" - } - } - }, - "Webhook": { - "description": "Detail about the webhook object.", - "type": "object", - "properties": { - "webhookId": { - "description": "Unique identifier for the webhook.", - "type": "string", - "readOnly": true - }, - "webhookUrl": { - "description": "URL that gets invoked by the webhook.", - "type": "string", - "readOnly": true - }, - "webhookSecretUpdateTime": { - "format": "date-time", - "description": "Time when the webhook secret was updated.", - "type": "string", - "readOnly": true - }, - "rotateWebhookSecret": { - "description": "A flag to instruct the backend service to rotate webhook secret.", - "type": "boolean" - } - } - }, - "GitHubResourceInfo": { - "readOnly": true, - "description": "Resources created in GitHub repository.", - "type": "object", - "properties": { - "appInstallationId": { - "description": "GitHub application installation id.", - "type": "string" - } - } - }, - "AzureDevOpsResourceInfo": { - "readOnly": true, - "description": "Resources created in Azure DevOps repository.", - "type": "object", - "properties": { - "pipelineId": { - "description": "Id of the pipeline created for the source-control.", - "type": "string" - }, - "serviceConnectionId": { - "description": "Id of the service-connection created for the source-control.", - "type": "string" - } - } - }, - "DeploymentInfo": { - "readOnly": true, - "description": "Information regarding a deployment.", - "type": "object", - "properties": { - "deploymentFetchStatus": { - "$ref": "#/definitions/DeploymentFetchStatus", - "description": "Status while fetching the last deployment.", - "type": "string" - }, - "deployment": { - "$ref": "#/definitions/Deployment", - "description": "Deployment information.", - "type": "object" - }, - "message": { - "description": "Additional details about the deployment that can be shown to the user.", - "type": "string" - } - } - }, - "Deployment": { - "description": "Description about a deployment.", - "type": "object", - "properties": { - "deploymentId": { - "description": "Deployment identifier.", - "type": "string" - }, - "deploymentState": { - "$ref": "#/definitions/DeploymentState", - "description": "Current status of the deployment.", - "type": "string" - }, - "deploymentResult": { - "$ref": "#/definitions/DeploymentResult", - "description": "The outcome of the deployment.", - "type": "string" - }, - "deploymentTime": { - "format": "date-time", - "description": "The time when the deployment finished.", - "type": "string" - }, - "deploymentLogsUrl": { - "description": "Url to access repository action logs.", - "type": "string" - } - } - }, - "ContentType": { - "description": "The content type of a source control path.", - "enum": [ - "AnalyticsRule", - "AutomationRule", - "HuntingQuery", - "Parser", - "Playbook", - "Workbook" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "ContentType", - "values": [ - { - "value": "AnalyticsRule" - }, - { - "value": "AutomationRule" - }, - { - "value": "HuntingQuery" - }, - { - "value": "Parser" - }, - { - "value": "Playbook" - }, - { - "value": "Workbook" - } - ] - } - }, - "RepoType": { - "description": "The type of repository.", - "enum": [ - "Github", - "AzureDevOps" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "RepoType", - "values": [ - { - "value": "Github" - }, - { - "value": "AzureDevOps" - } - ] - } - }, - "RepositoryAccessKind": { - "description": "The kind of repository access credentials", - "enum": [ - "OAuth", - "PAT", - "App" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "RepositoryAccessKind", - "values": [ - { - "value": "OAuth" - }, - { - "value": "PAT" - }, - { - "value": "App" - } - ] - } - }, - "Version": { - "readOnly": true, - "description": "The version of the source control.", - "enum": [ - "V1", - "V2" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "Version", - "values": [ - { - "value": "V1" - }, - { - "value": "V2" - } - ] - } - }, - "DeploymentFetchStatus": { - "description": "Status while trying to fetch the deployment information.", - "enum": [ - "Success", - "Unauthorized", - "NotFound" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DeploymentFetchStatus", - "values": [ - { - "value": "Success" - }, - { - "value": "Unauthorized" - }, - { - "value": "NotFound" - } - ] - } - }, - "DeploymentState": { - "description": "The current state of the deployment.", - "enum": [ - "In_Progress", - "Completed", - "Queued", - "Canceling" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DeploymentState", - "values": [ - { - "value": "In_Progress" - }, - { - "value": "Completed" - }, - { - "value": "Queued" - }, - { - "value": "Canceling" - } - ] - } - }, - "DeploymentResult": { - "description": "Status while trying to fetch the deployment information.", - "enum": [ - "Success", - "Canceled", - "Failed" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DeploymentResult", - "values": [ - { - "value": "Success" - }, - { - "value": "Canceled" - }, - { - "value": "Failed" - } - ] - } - }, - "PullRequest": { - "readOnly": true, - "description": "Information regarding pull request for protected branches.", - "type": "object", - "properties": { - "url": { - "description": "URL of pull request", - "type": "string", - "readOnly": true - }, - "state": { - "$ref": "#/definitions/PullRequestState", - "description": "State of the pull request", - "type": "object", - "readOnly": true - } - } - }, - "PullRequestState": { - "description": "Status of the pull request.", - "enum": [ - "Open", - "Closed" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "state", - "values": [ - { - "value": "Open" - }, - { - "value": "Closed" - } - ] - } - }, - "Warning": { - "description": "Warning response structure.", - "properties": { - "warning": { - "$ref": "#/definitions/WarningBody", - "description": "Warning data." - } - }, - "type": "object" - }, - "WarningBody": { - "readOnly": true, - "description": "Warning details.", - "properties": { - "code": { - "description": "An identifier for the warning. Codes are invariant and are intended to be consumed programmatically.", - "readOnly": true, - "type": "object", - "$ref": "#/definitions/WarningCode" - }, - "message": { - "description": "A message describing the warning, intended to be suitable for display in a user interface.", - "readOnly": true, - "type": "string" - }, - "details": { - "readOnly": true, - "type": "array", - "items": { - "$ref": "#/definitions/WarningBody" - }, - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "WarningCode": { - "readOnly": true, - "description": "The type of repository.", - "enum": [ - "SourceControlWarning_DeleteServicePrincipal", - "SourceControlWarning_DeletePipelineFromAzureDevOps", - "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", - "SourceControlWarning_DeleteRoleAssignment", - "SourceControl_DeletedWithWarnings" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "WarningCode", - "values": [ - { - "value": "SourceControlWarning_DeleteServicePrincipal" - }, - { - "value": "SourceControlWarning_DeletePipelineFromAzureDevOps" - }, - { - "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" - }, - { - "value": "SourceControlWarning_DeleteRoleAssignment" - }, - { - "value": "SourceControl_DeletedWithWarnings" - } - ] - } - } - }, - "parameters": { - "RepoTypeParameter": { - "description": "The repo type.", - "in": "body", - "name": "repoType", - "required": true, - "schema": { - "$ref": "#/definitions/RepoType" - }, - "x-ms-parameter-location": "method" - }, - "SourceControlIdParameter": { - "description": "Source control Id", - "in": "path", - "name": "sourceControlId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SourceControl": { - "description": "The SourceControl", - "in": "body", - "name": "sourceControl", - "required": true, - "schema": { - "$ref": "#/definitions/SourceControl" - }, - "x-ms-parameter-location": "method" - }, - "RepositoryAccess": { - "description": "The repository access credentials.", - "in": "body", - "name": "repositoryAccess", - "required": true, - "schema": { - "required": [ - "repositoryAccess" - ], - "$ref": "#/definitions/RepositoryAccessProperties" - }, - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ThreatIntelligence.json deleted file mode 100644 index 4aaa70fe6ecc..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/ThreatIntelligence.json +++ /dev/null @@ -1,1097 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { - "post": { - "x-ms-examples": { - "Create a new Threat Intelligence": { - "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Create a new threat intelligence indicator.", - "operationId": "ThreatIntelligenceIndicator_CreateIndicator", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceProperties" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "default": { - "description": "Error response describing why the operation failed to create indicators.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { - "get": { - "x-ms-examples": { - "Get all threat intelligence indicators": { - "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Get all threat intelligence indicators.", - "operationId": "ThreatIntelligenceIndicators_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataTop" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataOrderBy" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformationList" - } - }, - "default": { - "description": "Error response describing why the operation failed to get indicators.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { - "get": { - "x-ms-examples": { - "View a threat intelligence indicator by name": { - "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "View a threat intelligence indicator by name.", - "operationId": "ThreatIntelligenceIndicator_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "default": { - "description": "Error response describing why the operation failed to view an indicator.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Update a threat Intelligence indicator": { - "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Update a threat Intelligence indicator.", - "operationId": "ThreatIntelligenceIndicator_Create", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceProperties" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "default": { - "description": "Error response describing why the operation failed to update an indicator.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a threat intelligence indicator": { - "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Delete a threat intelligence indicator.", - "operationId": "ThreatIntelligenceIndicator_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceName" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed to delete an indicator.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { - "post": { - "x-ms-examples": { - "Query threat intelligence indicators as per filtering criteria": { - "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Query threat intelligence indicators as per filtering criteria.", - "operationId": "ThreatIntelligenceIndicator_QueryIndicators", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformationList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { - "get": { - "x-ms-examples": { - "Get threat intelligence indicators metrics.": { - "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", - "operationId": "ThreatIntelligenceIndicatorMetrics_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceMetricsList" - } - }, - "default": { - "description": "Error response describing why the operation failed to get metrics.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { - "post": { - "x-ms-examples": { - "Append tags to a threat intelligence indicator": { - "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Append tags to a threat intelligence indicator.", - "operationId": "ThreatIntelligenceIndicator_AppendTags", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceAppendTags" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed to append tags.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { - "post": { - "x-ms-examples": { - "Replace tags to a Threat Intelligence": { - "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" - } - }, - "tags": [ - "ThreatIntelligence" - ], - "description": "Replace tags added to a threat intelligence indicator.", - "operationId": "ThreatIntelligenceIndicator_ReplaceTags", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceReplaceTags" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - }, - "default": { - "description": "Error response describing why the operation failed to replace tags.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "ThreatIntelligenceInformation": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Threat intelligence information object.", - "properties": { - "kind": { - "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", - "description": "The kind of the entity." - } - }, - "discriminator": "kind", - "type": "object", - "required": [ - "kind" - ] - }, - "ThreatIntelligenceInformationList": { - "description": "List of all the threat intelligence information objects.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of information objects.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of threat intelligence information objects.", - "items": { - "$ref": "#/definitions/ThreatIntelligenceInformation" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "ThreatIntelligenceIndicatorModel": { - "allOf": [ - { - "$ref": "#/definitions/ThreatIntelligenceInformation" - } - ], - "description": "Threat intelligence indicator entity.", - "properties": { - "properties": { - "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", - "description": "Threat Intelligence Entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "indicator" - }, - "ThreatIntelligenceResourceInnerKind": { - "description": "The kind of the threat intelligence entity", - "enum": [ - "indicator" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "ThreatIntelligenceResourceInnerKind", - "values": [ - { - "description": "Entity represents threat intelligence indicator in the system.", - "value": "indicator" - } - ] - } - }, - "ThreatIntelligenceIndicatorProperties": { - "allOf": [ - { - "$ref": "./common/EntityTypes.json#/definitions/EntityCommonProperties" - } - ], - "description": "Describes threat intelligence entity properties", - "properties": { - "threatIntelligenceTags": { - "description": "List of tags", - "items": { - "description": "tag", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "lastUpdatedTimeUtc": { - "description": "Last updated time in UTC", - "type": "string" - }, - "source": { - "description": "Source of a threat intelligence entity", - "type": "string" - }, - "displayName": { - "description": "Display name of a threat intelligence entity", - "type": "string" - }, - "description": { - "description": "Description of a threat intelligence entity", - "type": "string" - }, - "indicatorTypes": { - "description": "Indicator types of threat intelligence entities", - "items": { - "description": "Indicator type of a threat intelligence entity", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "pattern": { - "description": "Pattern of a threat intelligence entity", - "type": "string" - }, - "patternType": { - "description": "Pattern type of a threat intelligence entity", - "type": "string" - }, - "patternVersion": { - "description": "Pattern version of a threat intelligence entity", - "type": "string" - }, - "killChainPhases": { - "description": "Kill chain phases", - "items": { - "description": "Kill chain phase", - "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "parsedPattern": { - "description": "Parsed patterns", - "items": { - "description": "Parsed pattern", - "$ref": "#/definitions/ThreatIntelligenceParsedPattern" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "externalId": { - "description": "External ID of threat intelligence entity", - "type": "string" - }, - "createdByRef": { - "description": "Created by reference of threat intelligence entity", - "type": "string" - }, - "defanged": { - "description": "Is threat intelligence entity defanged", - "type": "boolean" - }, - "externalLastUpdatedTimeUtc": { - "description": "External last updated time in UTC", - "type": "string" - }, - "externalReferences": { - "description": "External References", - "items": { - "description": "external_reference", - "$ref": "#/definitions/ThreatIntelligenceExternalReference" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "granularMarkings": { - "description": "Granular Markings", - "items": { - "description": "Granular marking", - "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "labels": { - "description": "Labels of threat intelligence entity", - "items": { - "description": "label", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "revoked": { - "description": "Is threat intelligence entity revoked", - "type": "boolean" - }, - "confidence": { - "description": "Confidence of threat intelligence entity", - "type": "integer", - "format": "int32" - }, - "objectMarkingRefs": { - "description": "Threat intelligence entity object marking references", - "items": { - "description": "Threat intelligence entity object marking reference", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "language": { - "description": "Language of threat intelligence entity", - "type": "string" - }, - "threatTypes": { - "description": "Threat types", - "items": { - "description": "Threat type", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "validFrom": { - "description": "Valid from", - "type": "string" - }, - "validUntil": { - "description": "Valid until", - "type": "string" - }, - "created": { - "description": "Created by", - "type": "string" - }, - "modified": { - "description": "Modified by", - "type": "string" - }, - "extensions": { - "description": "Extensions map", - "type": "object", - "additionalProperties": {} - } - }, - "type": "object" - }, - "ThreatIntelligenceKillChainPhase": { - "description": "Describes threat kill chain phase entity", - "properties": { - "killChainName": { - "description": "Kill chainName name", - "type": "string" - }, - "phaseName": { - "description": "Phase name", - "type": "string" - } - }, - "type": "object" - }, - "ThreatIntelligenceParsedPattern": { - "description": "Describes parsed pattern entity", - "properties": { - "patternTypeKey": { - "description": "Pattern type key", - "type": "string" - }, - "patternTypeValues": { - "description": "Pattern type keys", - "items": { - "description": "Pattern type key", - "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "ThreatIntelligenceParsedPatternTypeValue": { - "description": "Describes threat kill chain phase entity", - "properties": { - "valueType": { - "description": "Type of the value", - "type": "string" - }, - "value": { - "description": "Value of parsed pattern", - "type": "string" - } - }, - "type": "object" - }, - "ThreatIntelligenceGranularMarkingModel": { - "description": "Describes threat granular marking model entity", - "properties": { - "language": { - "description": "Language granular marking model", - "type": "string" - }, - "markingRef": { - "description": "marking reference granular marking model", - "type": "integer", - "format": "int32" - }, - "selectors": { - "description": "granular marking model selectors", - "items": { - "description": "granular marking model selector", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "ThreatIntelligenceExternalReference": { - "description": "Describes external reference", - "properties": { - "description": { - "description": "External reference description", - "type": "string" - }, - "externalId": { - "description": "External reference ID", - "type": "string" - }, - "sourceName": { - "description": "External reference source name", - "type": "string" - }, - "url": { - "description": "External reference URL", - "type": "string" - }, - "hashes": { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "description": "External reference hashes" - } - }, - "type": "object" - }, - "ThreatIntelligenceFilteringCriteria": { - "description": "Filtering criteria for querying threat intelligence indicators.", - "properties": { - "pageSize": { - "description": "Page size", - "type": "integer", - "format": "int32" - }, - "minConfidence": { - "description": "Minimum confidence.", - "type": "integer", - "format": "int32" - }, - "maxConfidence": { - "description": "Maximum confidence.", - "type": "integer", - "format": "int32" - }, - "minValidUntil": { - "description": "Start time for ValidUntil filter.", - "type": "string" - }, - "maxValidUntil": { - "description": "End time for ValidUntil filter.", - "type": "string" - }, - "includeDisabled": { - "description": "Parameter to include/exclude disabled indicators.", - "type": "boolean" - }, - "sortBy": { - "description": "Columns to sort by and sorting order", - "items": { - "description": "Sort By", - "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "sources": { - "description": "Sources of threat intelligence indicators", - "items": { - "description": "Source", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "patternTypes": { - "description": "Pattern types", - "items": { - "description": "Pattern type", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "threatTypes": { - "description": "Threat types of threat intelligence indicators", - "items": { - "description": "Threat type of a threat intelligence indicator", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "ids": { - "description": "Ids of threat intelligence indicators", - "items": { - "description": "Id of a threat intelligence indicator", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "keywords": { - "description": "Keywords for searching threat intelligence indicators", - "items": { - "description": "keyword for searching threat intelligence indicators", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "skipToken": { - "description": "Skip token.", - "type": "string" - } - }, - "type": "object" - }, - "ThreatIntelligenceSortingCriteria": { - "description": "List of available columns for sorting", - "properties": { - "itemKey": { - "description": "Column name", - "type": "string" - }, - "sortOrder": { - "$ref": "#/definitions/ThreatIntelligenceSortingOrder", - "description": "Sorting order (ascending/descending/unsorted)." - } - }, - "type": "object" - }, - "ThreatIntelligenceSortingOrder": { - "description": "Sorting order (ascending/descending/unsorted).", - "enum": [ - "unsorted", - "ascending", - "descending" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "ThreatIntelligenceSortingOrder", - "values": [ - { - "value": "unsorted" - }, - { - "value": "ascending" - }, - { - "value": "descending" - } - ] - } - }, - "ThreatIntelligenceAppendTags": { - "description": "Array of tags to be appended to the threat intelligence indicator.", - "properties": { - "threatIntelligenceTags": { - "description": "List of tags to be appended.", - "items": { - "description": "parameter", - "type": "string" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "ThreatIntelligenceMetricsList": { - "description": "List of all the threat intelligence metric fields (type/threat type/source).", - "properties": { - "value": { - "description": "Array of threat intelligence metric fields (type/threat type/source).", - "items": { - "$ref": "#/definitions/ThreatIntelligenceMetrics" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "ThreatIntelligenceMetrics": { - "description": "Threat intelligence metrics.", - "properties": { - "properties": { - "description": "Threat intelligence metrics.", - "$ref": "#/definitions/ThreatIntelligenceMetric" - } - }, - "type": "object" - }, - "ThreatIntelligenceMetric": { - "description": "Describes threat intelligence metric", - "properties": { - "lastUpdatedTimeUtc": { - "description": "Last updated indicator metric", - "type": "string" - }, - "threatTypeMetrics": { - "description": "Threat type metrics", - "items": { - "description": "parameter", - "$ref": "#/definitions/ThreatIntelligenceMetricEntity" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "patternTypeMetrics": { - "description": "Pattern type metrics", - "items": { - "description": "parameter", - "$ref": "#/definitions/ThreatIntelligenceMetricEntity" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "sourceMetrics": { - "description": "Source metrics", - "items": { - "description": "parameter", - "$ref": "#/definitions/ThreatIntelligenceMetricEntity" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "ThreatIntelligenceMetricEntity": { - "description": "Describes threat intelligence metric entity", - "properties": { - "metricName": { - "description": "Metric name", - "type": "string" - }, - "metricValue": { - "description": "Metric value", - "type": "integer", - "format": "int32" - } - }, - "type": "object" - } - }, - "parameters": { - "ThreatIntelligenceName": { - "description": "Threat intelligence indicator name field.", - "in": "path", - "name": "name", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceProperties": { - "description": "Properties of threat intelligence indicators to create and update.", - "in": "body", - "name": "ThreatIntelligenceProperties", - "required": true, - "schema": { - "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" - }, - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceReplaceTags": { - "description": "Tags in the threat intelligence indicator to be replaced.", - "in": "body", - "name": "ThreatIntelligenceReplaceTags", - "required": true, - "schema": { - "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" - }, - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceFilteringCriteria": { - "description": "Filtering criteria for querying threat intelligence indicators.", - "in": "body", - "name": "ThreatIntelligenceFilteringCriteria", - "required": true, - "schema": { - "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" - }, - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceIndicatorEntityKind": { - "description": "The threat intelligence entity kind", - "in": "query", - "name": "ctiEntityKind", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceAppendTags": { - "description": "The threat intelligence append tags request body", - "in": "body", - "name": "ThreatIntelligenceAppendTags", - "required": true, - "schema": { - "$ref": "#/definitions/ThreatIntelligenceAppendTags" - }, - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Watchlists.json deleted file mode 100644 index 858996998bc4..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/Watchlists.json +++ /dev/null @@ -1,793 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { - "get": { - "x-ms-examples": { - "Get all watchlists.": { - "$ref": "./examples/watchlists/GetWatchlists.json" - } - }, - "tags": [ - "Watchlists" - ], - "description": "Get all watchlists, without watchlist items.", - "operationId": "Watchlists_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/WatchlistList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { - "get": { - "x-ms-examples": { - "Get a watchlist.": { - "$ref": "./examples/watchlists/GetWatchlistByAlias.json" - } - }, - "tags": [ - "Watchlists" - ], - "description": "Get a watchlist, without its watchlist items.", - "operationId": "Watchlists_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/Watchlist" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a watchlist.": { - "$ref": "./examples/watchlists/DeleteWatchlist.json" - } - }, - "tags": [ - "Watchlists" - ], - "description": "Delete a watchlist.", - "operationId": "Watchlists_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - } - ], - "responses": { - "202": { - "description": "OK", - "headers": { - "Azure-AsyncOperation": { - "description": "Contains the status URL on which clients are expected to poll the status of the delete operation.", - "type": "string" - }, - "Location": { - "description": "Location URL to poll for result.", - "type": "string" - } - } - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-long-running-operation": true, - "x-ms-long-running-operation-options": { - "final-state-via": "azure-async-operation" - } - }, - "put": { - "x-ms-examples": { - "Create or update a watchlist.": { - "$ref": "./examples/watchlists/CreateWatchlist.json" - }, - "Create or update a watchlist and bulk creates watchlist items.": { - "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" - } - }, - "tags": [ - "Watchlists" - ], - "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.", - "operationId": "Watchlists_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - }, - { - "$ref": "#/parameters/Watchlist" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/Watchlist" - } - }, - "201": { - "description": "Created. The response includes the Provisioning State and the Azure-AsyncOperation header. To get the progress of the operation, call GET operation on the URL in Azure-AsyncOperation header field.", - "schema": { - "$ref": "#/definitions/Watchlist" - }, - "headers": { - "Azure-AsyncOperation": { - "description": "Contains the status URL on which clients are expected to poll the status of the operation.", - "type": "string" - } - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-long-running-operation": true, - "x-ms-long-running-operation-options": { - "final-state-via": "azure-async-operation" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { - "get": { - "x-ms-examples": { - "Get all watchlist Items.": { - "$ref": "./examples/watchlists/GetWatchlistItems.json" - } - }, - "tags": [ - "WatchlistItems" - ], - "description": "Get all watchlist Items.", - "operationId": "WatchlistItems_List", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - }, - { - "$ref": "./common/2.0/types.json#/parameters/ODataSkipToken" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/WatchlistItemList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { - "get": { - "x-ms-examples": { - "Get a watchlist item.": { - "$ref": "./examples/watchlists/GetWatchlistItemById.json" - } - }, - "tags": [ - "WatchlistItems" - ], - "description": "Get a watchlist item.", - "operationId": "WatchlistItems_Get", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - }, - { - "$ref": "#/parameters/WatchlistItemId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/WatchlistItem" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a watchlist item.": { - "$ref": "./examples/watchlists/DeleteWatchlistItem.json" - } - }, - "tags": [ - "WatchlistItems" - ], - "description": "Delete a watchlist item.", - "operationId": "WatchlistItems_Delete", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - }, - { - "$ref": "#/parameters/WatchlistItemId" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Create or update a watchlist item.": { - "$ref": "./examples/watchlists/CreateWatchlistItem.json" - } - }, - "tags": [ - "WatchlistItems" - ], - "description": "Create or update a watchlist item.", - "operationId": "WatchlistItems_CreateOrUpdate", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/WatchlistAlias" - }, - { - "$ref": "#/parameters/WatchlistItemId" - }, - { - "$ref": "#/parameters/WatchlistItem" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/WatchlistItem" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/WatchlistItem" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "WatchlistList": { - "description": "List all the watchlists.", - "type": "object", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of watchlists.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of watchlist.", - "items": { - "$ref": "#/definitions/Watchlist" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, - "Watchlist": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a Watchlist in Azure Security Insights.", - "properties": { - "properties": { - "$ref": "#/definitions/WatchlistProperties", - "description": "Watchlist properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "WatchlistProperties": { - "description": "Describes watchlist properties", - "properties": { - "watchlistId": { - "description": "The id (a Guid) of the watchlist", - "type": "string" - }, - "displayName": { - "description": "The display name of the watchlist", - "type": "string" - }, - "provider": { - "description": "The provider of the watchlist", - "type": "string" - }, - "source": { - "description": "The filename of the watchlist, called 'source'", - "type": "string" - }, - "sourceType": { - "description": "The sourceType of the watchlist", - "enum": [ - "Local", - "AzureStorage" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "sourceType", - "values": [ - { - "description": "The source from local file.", - "value": "Local" - }, - { - "description": "The source from Azure storage.", - "value": "AzureStorage" - } - ] - } - }, - "created": { - "description": "The time the watchlist was created", - "format": "date-time", - "type": "string" - }, - "updated": { - "description": "The last time the watchlist was updated", - "format": "date-time", - "type": "string" - }, - "createdBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that created the watchlist", - "type": "object" - }, - "updatedBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that updated the watchlist", - "type": "object" - }, - "description": { - "description": "A description of the watchlist", - "type": "string" - }, - "watchlistType": { - "description": "The type of the watchlist", - "type": "string" - }, - "watchlistAlias": { - "description": "The alias of the watchlist", - "type": "string" - }, - "isDeleted": { - "description": "A flag that indicates if the watchlist is deleted or not", - "type": "boolean" - }, - "labels": { - "description": "List of labels relevant to this watchlist", - "items": { - "$ref": "./common/2.0/types.json#/definitions/Label" - }, - "type": "array" - }, - "defaultDuration": { - "description": "The default duration of a watchlist (in ISO 8601 duration format)", - "format": "duration", - "type": "string" - }, - "tenantId": { - "description": "The tenantId where the watchlist belongs to", - "type": "string" - }, - "numberOfLinesToSkip": { - "description": "The number of lines in a csv/tsv content to skip before the header", - "type": "integer", - "format": "int32" - }, - "rawContent": { - "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", - "type": "string" - }, - "itemsSearchKey": { - "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", - "type": "string" - }, - "contentType": { - "description": "The content type of the raw content. Example : text/csv or text/tsv", - "type": "string" - }, - "uploadStatus": { - "description": "The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted", - "type": "string" - }, - "provisioningState": { - "$ref": "#/definitions/ProvisioningState" - } - }, - "required": [ - "displayName", - "provider", - "itemsSearchKey" - ], - "type": "object" - }, - "WatchlistItemList": { - "description": "List all the watchlist items.", - "type": "object", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of watchlist items.", - "readOnly": true, - "type": "string" - }, - "value": { - "description": "Array of watchlist items.", - "items": { - "$ref": "#/definitions/WatchlistItem" - }, - "type": "array" - } - }, - "required": [ - "value" - ] - }, - "WatchlistItem": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "description": "Represents a Watchlist Item in Azure Security Insights.", - "properties": { - "properties": { - "$ref": "#/definitions/WatchlistItemProperties", - "description": "Watchlist Item properties", - "x-ms-client-flatten": true - } - }, - "type": "object" - }, - "WatchlistItemProperties": { - "description": "Describes watchlist item properties", - "properties": { - "watchlistItemType": { - "description": "The type of the watchlist item", - "type": "string" - }, - "watchlistItemId": { - "description": "The id (a Guid) of the watchlist item", - "type": "string" - }, - "tenantId": { - "description": "The tenantId to which the watchlist item belongs to", - "type": "string" - }, - "isDeleted": { - "description": "A flag that indicates if the watchlist item is deleted or not", - "type": "boolean" - }, - "created": { - "description": "The time the watchlist item was created", - "format": "date-time", - "type": "string" - }, - "updated": { - "description": "The last time the watchlist item was updated", - "format": "date-time", - "type": "string" - }, - "createdBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that created the watchlist item", - "type": "object" - }, - "updatedBy": { - "$ref": "./common/2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that updated the watchlist item", - "type": "object" - }, - "itemsKeyValue": { - "description": "key-value pairs for a watchlist item", - "type": "object" - }, - "entityMapping": { - "description": "key-value pairs for a watchlist item entity mapping", - "type": "object" - } - }, - "required": [ - "itemsKeyValue" - ], - "type": "object" - }, - "ProvisioningState": { - "description": "Describes provisioning state", - "enum": [ - "New", - "InProgress", - "Uploading", - "Deleting", - "Succeeded", - "Failed", - "Canceled" - ], - "type": "string", - "x-ms-enum": { - "name": "ProvisioningState", - "modelAsString": true, - "values": [ - { - "description": "The New provisioning state.", - "value": "New" - }, - { - "description": "The InProgress provisioning state.", - "value": "InProgress" - }, - { - "description": "The Uploading provisioning state.", - "value": "Uploading" - }, - { - "description": "The Deleting provisioning state.", - "value": "Deleting" - }, - { - "description": "The Succeeded provisioning state.", - "value": "Succeeded" - }, - { - "description": "The Failed provisioning state.", - "value": "Failed" - }, - { - "description": "The Canceled provisioning state.", - "value": "Canceled" - } - ] - }, - "readOnly": true - } - }, - "parameters": { - "WatchlistAlias": { - "description": "The watchlist alias", - "in": "path", - "name": "watchlistAlias", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "Watchlist": { - "description": "The watchlist", - "in": "body", - "name": "watchlist", - "required": true, - "schema": { - "$ref": "#/definitions/Watchlist" - }, - "x-ms-parameter-location": "method" - }, - "WatchlistItem": { - "description": "The watchlist item", - "in": "body", - "name": "watchlistItem", - "required": true, - "schema": { - "$ref": "#/definitions/WatchlistItem" - }, - "x-ms-parameter-location": "method" - }, - "WatchlistItemId": { - "description": "The watchlist item id (GUID)", - "in": "path", - "name": "watchlistItemId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json deleted file mode 100644 index 6211a0db155d..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json +++ /dev/null @@ -1,231 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "1.0", - "title": "Common types" - }, - "paths": {}, - "definitions": { - "CloudError": { - "description": "Error response structure.", - "properties": { - "error": { - "$ref": "#/definitions/CloudErrorBody", - "description": "Error data", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-external": true - }, - "CloudErrorBody": { - "description": "Error details.", - "properties": { - "code": { - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", - "readOnly": true, - "type": "string" - }, - "message": { - "description": "A message describing the error, intended to be suitable for display in a user interface.", - "readOnly": true, - "type": "string" - } - }, - "type": "object", - "x-ms-external": true - }, - "EntityCommonProperties": { - "description": "Entity common property bag.", - "properties": { - "additionalData": { - "additionalProperties": { - "type": "object" - }, - "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", - "readOnly": true, - "type": "object" - }, - "friendlyName": { - "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "ResourceWithEtag": { - "allOf": [ - { - "$ref": "#/definitions/Resource" - } - ], - "description": "An azure resource object with an Etag property", - "properties": { - "etag": { - "description": "Etag of the azure resource", - "type": "string" - } - }, - "type": "object" - }, - "Resource": { - "description": "An azure resource object", - "properties": { - "id": { - "description": "Azure resource Id", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "Azure resource name", - "readOnly": true, - "type": "string" - }, - "type": { - "description": "Azure resource type", - "readOnly": true, - "type": "string" - }, - "systemData": { - "readOnly": true, - "type": "object", - "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", - "$ref": "../../../../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" - } - }, - "type": "object", - "x-ms-azure-resource": true - }, - "ClientInfo": { - "description": "Information on the client (user or application) that made some action", - "properties": { - "email": { - "description": "The email of the client.", - "type": "string" - }, - "name": { - "description": "The name of the client.", - "type": "string" - }, - "objectId": { - "description": "The object id of the client.", - "format": "uuid", - "type": "string" - }, - "userPrincipalName": { - "description": "The user principal name of the client.", - "type": "string" - } - }, - "type": "object" - }, - "UserInfo": { - "description": "User information that made some action", - "properties": { - "email": { - "description": "The email of the user.", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "The name of the user.", - "readOnly": true, - "type": "string" - }, - "objectId": { - "description": "The object id of the user.", - "format": "uuid", - "type": "string", - "x-nullable": true - } - }, - "type": "object" - }, - "Label": { - "description": "Label that will be used to tag and filter on.", - "type": "string" - } - }, - "parameters": { - "WorkspaceName": { - "description": "The name of the workspace.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "workspaceName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "OperationalInsightsResourceProvider": { - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "in": "path", - "name": "operationalInsightsResourceProvider", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ResourceGroupName": { - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "resourceGroupName", - "pattern": "^[-\\w\\._\\(\\)]+$", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SubscriptionId": { - "description": "Azure subscription ID", - "in": "path", - "name": "subscriptionId", - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "required": true, - "type": "string" - }, - "ODataFilter": { - "description": "Filters the results, based on a Boolean condition. Optional.", - "in": "query", - "name": "$filter", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataOrderBy": { - "description": "Sorts the results. Optional.", - "in": "query", - "name": "$orderby", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataSkipToken": { - "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", - "in": "query", - "name": "$skipToken", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataTop": { - "description": "Returns only the first n results. Optional.", - "format": "int32", - "in": "query", - "name": "$top", - "required": false, - "type": "integer", - "x-ms-parameter-location": "method" - }, - "ODataSkip": { - "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", - "in": "query", - "name": "$skip", - "required": false, - "type": "integer", - "format": "int32", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/2.0/types.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/2.0/types.json deleted file mode 100644 index c5956613d39a..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/2.0/types.json +++ /dev/null @@ -1,189 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "2.0", - "title": "Common types" - }, - "paths": {}, - "definitions": { - "ResourceWithEtag": { - "allOf": [ - { - "$ref": "../../../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" - } - ], - "description": "An azure resource object with an Etag property", - "properties": { - "etag": { - "description": "Etag of the azure resource", - "type": "string" - } - }, - "type": "object" - }, - "ClientInfo": { - "description": "Information on the client (user or application) that made some action", - "properties": { - "email": { - "description": "The email of the client.", - "type": "string" - }, - "name": { - "description": "The name of the client.", - "type": "string" - }, - "objectId": { - "description": "The object id of the client.", - "format": "uuid", - "type": "string" - }, - "userPrincipalName": { - "description": "The user principal name of the client.", - "type": "string" - } - }, - "type": "object" - }, - "UserInfo": { - "description": "User information that made some action", - "properties": { - "email": { - "description": "The email of the user.", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "The name of the user.", - "readOnly": true, - "type": "string" - }, - "objectId": { - "description": "The object id of the user.", - "format": "uuid", - "type": "string", - "x-nullable": true - } - }, - "type": "object" - }, - "Label": { - "description": "Label that will be used to tag and filter on.", - "type": "string" - }, - "CloudError": { - "description": "Error response structure.", - "x-ms-external": true, - "properties": { - "error": { - "$ref": "#/definitions/CloudErrorBody", - "description": "Error data" - } - }, - "type": "object" - }, - "CloudErrorBody": { - "x-ms-external": true, - "description": "Error details.", - "properties": { - "code": { - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", - "readOnly": true, - "type": "string" - }, - "message": { - "description": "A message describing the error, intended to be suitable for display in a user interface.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - } - }, - "parameters": { - "WorkspaceName": { - "description": "The name of the workspace.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "workspaceName", - "required": true, - "type": "string", - "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", - "x-ms-parameter-location": "method" - }, - "OperationalInsightsResourceProvider": { - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "in": "path", - "name": "operationalInsightsResourceProvider", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataFilter": { - "description": "Filters the results, based on a Boolean condition. Optional.", - "in": "query", - "name": "$filter", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataOrderBy": { - "description": "Sorts the results. Optional.", - "in": "query", - "name": "$orderby", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataSkipToken": { - "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", - "in": "query", - "name": "$skipToken", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataTop": { - "description": "Returns only the first n results. Optional.", - "format": "int32", - "in": "query", - "name": "$top", - "required": false, - "type": "integer", - "x-ms-parameter-location": "method" - }, - "ODataSkip": { - "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", - "in": "query", - "name": "$skip", - "required": false, - "type": "integer", - "format": "int32", - "x-ms-parameter-location": "method" - }, - "ODataExpand": { - "description": "Expands the object with optional fiends that are not included by default. Optional.", - "in": "query", - "name": "$expand", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataSearch": { - "description": "Searches for a substring in the response. Optional.", - "in": "query", - "name": "$search", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataCount": { - "description": "Instructs the server to return only object count without actual body. Optional.", - "in": "query", - "name": "$count", - "required": false, - "type": "boolean", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/AlertTypes.json deleted file mode 100644 index 0773867ffe61..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/AlertTypes.json +++ /dev/null @@ -1,70 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "2025-09-01", - "title": "Common Alert types" - }, - "paths": {}, - "definitions": { - "AlertSeverityEnum": { - "description": "The severity of the alert", - "enum": [ - "High", - "Medium", - "Low", - "Informational" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertSeverity", - "values": [ - { - "description": "High severity", - "value": "High" - }, - { - "description": "Medium severity", - "value": "Medium" - }, - { - "description": "Low severity", - "value": "Low" - }, - { - "description": "Informational severity", - "value": "Informational" - } - ] - } - }, - "AttackTactic": { - "description": "The severity for alerts created by this alert rule.", - "enum": [ - "Reconnaissance", - "ResourceDevelopment", - "InitialAccess", - "Execution", - "Persistence", - "PrivilegeEscalation", - "DefenseEvasion", - "CredentialAccess", - "Discovery", - "LateralMovement", - "Collection", - "Exfiltration", - "CommandAndControl", - "Impact", - "PreAttack", - "ImpairProcessControl", - "InhibitResponseFunction" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AttackTactic" - } - } - }, - "parameters": {} -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/ContentCommonTypes.json deleted file mode 100644 index 1d9fff17e7eb..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/ContentCommonTypes.json +++ /dev/null @@ -1,666 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "2025-09-01", - "title": "Common content metadata types" - }, - "paths": {}, - "definitions": { - "metadataContentId": { - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a metadata, both will have the same contentId.", - "type": "string" - }, - "metadataParentId": { - "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", - "type": "string" - }, - "metadataDisplayName": { - "description": "DisplayName of the content.", - "type": "string" - }, - "metadataVersion": { - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", - "type": "string" - }, - "metadataPackageKind": { - "description": "The package kind", - "enum": [ - "Solution", - "Standalone" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "packageKind", - "values": [ - { - "value": "Solution" - }, - { - "value": "Standalone" - } - ] - } - }, - "metadataKind": { - "type": "string", - "description": "The kind of content the metadata is for.", - "enum": [ - "DataConnector", - "DataType", - "Workbook", - "WorkbookTemplate", - "Playbook", - "PlaybookTemplate", - "AnalyticsRuleTemplate", - "AnalyticsRule", - "HuntingQuery", - "InvestigationQuery", - "Parser", - "Watchlist", - "WatchlistTemplate", - "Solution", - "AzureFunction", - "LogicAppsCustomConnector", - "AutomationRule", - "ResourcesDataConnector", - "Notebook", - "Standalone", - "SummaryRule" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "kind", - "values": [ - { - "value": "DataConnector" - }, - { - "value": "DataType" - }, - { - "value": "Workbook" - }, - { - "value": "WorkbookTemplate" - }, - { - "value": "Playbook" - }, - { - "value": "PlaybookTemplate" - }, - { - "value": "AnalyticsRuleTemplate" - }, - { - "value": "AnalyticsRule" - }, - { - "value": "HuntingQuery" - }, - { - "value": "InvestigationQuery" - }, - { - "value": "Parser" - }, - { - "value": "Watchlist" - }, - { - "value": "WatchlistTemplate" - }, - { - "value": "Solution" - }, - { - "value": "AzureFunction" - }, - { - "value": "LogicAppsCustomConnector" - }, - { - "value": "AutomationRule" - }, - { - "value": "ResourcesDataConnector", - "description": "The Codeless Connector Platform (CCP) Connectors" - }, - { - "value": "Notebook", - "description": "Jupyter Notebooks" - }, - { - "value": "Standalone", - "description": "one-off / standalone content contributed by community contributors" - }, - { - "value": "SummaryRule", - "description": "Summary rules perform batch processing directly in your Log Analytics workspace." - } - ] - } - }, - "metadataTrueFalseFlag": { - "type": "string", - "description": "The boolean value the metadata is for.", - "enum": [ - "true", - "false" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "flag", - "values": [ - { - "value": "true" - }, - { - "value": "false" - } - ] - } - }, - "metadataSource": { - "description": "The original source of the content item, where it comes from.", - "type": "object", - "required": [ - "kind" - ], - "properties": { - "kind": { - "description": "Source type of the content", - "type": "string", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "sourceKind", - "values": [ - { - "value": "LocalWorkspace" - }, - { - "value": "Community" - }, - { - "value": "Solution" - }, - { - "value": "SourceRepository" - } - ] - } - }, - "name": { - "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", - "type": "string" - }, - "sourceId": { - "description": "ID of the content source. The solution ID, workspace ID, etc", - "type": "string" - } - } - }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "description": "Name of the author. Company or person.", - "type": "string" - }, - "email": { - "description": "Email of author contact", - "type": "string" - }, - "link": { - "description": "Link for author/vendor page", - "type": "string" - } - } - }, - "metadataSupport": { - "type": "object", - "description": "Support information for the content item.", - "required": [ - "tier" - ], - "properties": { - "tier": { - "description": "Type of support for content item", - "type": "string", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "supportTier", - "values": [ - { - "value": "Microsoft" - }, - { - "value": "Partner" - }, - { - "value": "Community" - } - ] - } - }, - "name": { - "description": "Name of the support contact. Company or person.", - "type": "string" - }, - "email": { - "description": "Email of support contact", - "type": "string" - }, - "link": { - "description": "Link for support help, like to support page to open a ticket etc.", - "type": "string" - } - } - }, - "metadataDependencies": { - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "type": "object", - "properties": { - "contentId": { - "description": "Id of the content item we depend on", - "$ref": "#/definitions/metadataContentId" - }, - "kind": { - "description": "Type of the content item we depend on", - "$ref": "#/definitions/metadataKind" - }, - "version": { - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", - "$ref": "#/definitions/metadataVersion" - }, - "name": { - "description": "Name of the content item", - "type": "string" - }, - "operator": { - "description": "Operator used for list of dependencies in criteria array.", - "type": "string", - "enum": [ - "AND", - "OR" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "operator", - "values": [ - { - "value": "AND" - }, - { - "value": "OR" - } - ] - } - }, - "criteria": { - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "type": "array", - "items": { - "$ref": "#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "x-ms-identifiers": [ - "contentId" - ], - "example": [ - { - "kind": "DataConnector", - "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877", - "version": "1.0.0" - }, - { - "kind": "Workbook", - "contentId": "ad903b46-9905-4504-9825-3bcce796da8e", - "version": "1.0.0" - } - ] - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "description": "domain for the solution content item", - "type": "array", - "example": [ - "str1", - "str2", - "str3" - ], - "items": { - "type": "string" - } - }, - "verticals": { - "description": "Industry verticals for the solution content item", - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "str1", - "str2", - "str3" - ] - } - } - }, - "metadataProviders": { - "description": "Providers for the solution content item", - "type": "array", - "example": [ - "str1", - "str2", - "str3" - ], - "items": { - "type": "string" - } - }, - "metadataFirstPublishDate": { - "description": "first publish date of solution content item", - "type": "string", - "format": "date" - }, - "metadataLastPublishDate": { - "description": "last publish date of solution content item", - "type": "string", - "format": "date" - }, - "metadataCustomVersion": { - "description": "The custom version of the content. A optional free text", - "type": "string" - }, - "metadataContentSchemaVersion": { - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", - "type": "string" - }, - "metadataIcon": { - "description": "the icon identifier. this id can later be fetched from the metadata", - "type": "string" - }, - "metadataThreatAnalysisTactics": { - "description": "the tactics the resource covers", - "type": "array", - "example": [ - "reconnaissance", - "exfiltration" - ], - "items": { - "type": "string" - } - }, - "metadataThreatAnalysisTechniques": { - "description": "the techniques the resource covers, these have to be aligned with the tactics being used", - "type": "array", - "example": [ - "T1548", - "T1548.001", - "T1134.003" - ], - "items": { - "type": "string" - } - }, - "metadataPreviewImages": { - "description": "preview image file names. These will be taken from the solution artifacts", - "type": "array", - "example": [ - "example.png", - "example2.jpeg" - ], - "items": { - "type": "string" - } - }, - "metadataPreviewImagesDark": { - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", - "type": "array", - "example": [ - "example.png", - "example2.jpeg" - ], - "items": { - "type": "string" - } - }, - "metadataTags": { - "description": "the tags assigned to the resource", - "type": "array", - "example": [ - "str1", - "str2", - "str3" - ], - "items": { - "type": "string" - } - }, - "templateBaseProperties": { - "description": "Template property bag.", - "type": "object", - "properties": { - "contentId": { - "$ref": "#/definitions/metadataContentId", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "$ref": "#/definitions/metadataVersion", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "$ref": "#/definitions/metadataVersion", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "$ref": "#/definitions/metadataDisplayName", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/metadataKind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "author": { - "$ref": "#/definitions/metadataAuthor", - "description": "The creator of the content item." - }, - "support": { - "$ref": "#/definitions/metadataSupport", - "description": "Support information for the template - type, name, contact information" - }, - "dependencies": { - "$ref": "#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "categories": { - "$ref": "#/definitions/metadataCategories", - "description": "Categories for the item" - }, - "providers": { - "$ref": "#/definitions/metadataProviders", - "description": "Providers for the content item" - }, - "firstPublishDate": { - "$ref": "#/definitions/metadataFirstPublishDate", - "description": "first publish date content item" - }, - "lastPublishDate": { - "$ref": "#/definitions/metadataLastPublishDate", - "description": "last publish date for the content item" - }, - "customVersion": { - "$ref": "#/definitions/metadataCustomVersion", - "description": "The custom version of the content. A optional free text" - }, - "contentSchemaVersion": { - "$ref": "#/definitions/metadataContentSchemaVersion", - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" - }, - "icon": { - "$ref": "#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the content metadata" - }, - "threatAnalysisTactics": { - "$ref": "#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "previewImages": { - "$ref": "#/definitions/metadataPreviewImages", - "description": "preview image file names. These will be taken from the solution artifacts" - }, - "previewImagesDark": { - "$ref": "#/definitions/metadataPreviewImagesDark", - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" - }, - "packageId": { - "$ref": "#/definitions/metadataContentId", - "description": "the package Id contains this template" - }, - "packageKind": { - "$ref": "#/definitions/metadataPackageKind", - "description": "the packageKind of the package contains this template" - }, - "packageName": { - "$ref": "#/definitions/metadataDisplayName", - "description": "the name of the package contains this template" - }, - "isDeprecated": { - "$ref": "#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this template is deprecated", - "readOnly": true - } - } - }, - "packageBaseProperties": { - "description": "Describes package properties", - "properties": { - "contentId": { - "$ref": "#/definitions/metadataContentId", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/metadataPackageKind", - "description": "The package kind" - }, - "contentSchemaVersion": { - "$ref": "#/definitions/metadataVersion", - "description": "The version of the content schema." - }, - "isNew": { - "$ref": "#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this is a newly published package." - }, - "isPreview": { - "$ref": "#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is in preview." - }, - "isFeatured": { - "$ref": "#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is among the featured list." - }, - "isDeprecated": { - "$ref": "#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this template is deprecated" - }, - "version": { - "$ref": "#/definitions/metadataVersion", - "description": "the latest version number of the package" - }, - "displayName": { - "$ref": "#/definitions/metadataDisplayName", - "description": "The display name of the package" - }, - "description": { - "description": "The description of the package", - "type": "string" - }, - "publisherDisplayName": { - "$ref": "#/definitions/metadataDisplayName", - "description": "The publisher display name of the package" - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "The source of the package" - }, - "author": { - "$ref": "#/definitions/metadataAuthor", - "description": "The author of the package" - }, - "support": { - "$ref": "#/definitions/metadataSupport", - "description": "The support tier of the package" - }, - "dependencies": { - "$ref": "#/definitions/metadataDependencies", - "description": "The support tier of the package" - }, - "providers": { - "$ref": "#/definitions/metadataProviders", - "description": "Providers for the package item" - }, - "firstPublishDate": { - "$ref": "#/definitions/metadataFirstPublishDate", - "description": "first publish date package item" - }, - "lastPublishDate": { - "$ref": "#/definitions/metadataLastPublishDate", - "description": "last publish date for the package item" - }, - "categories": { - "$ref": "#/definitions/metadataCategories", - "description": "The categories of the package" - }, - "threatAnalysisTactics": { - "$ref": "#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "icon": { - "$ref": "#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the content metadata" - } - }, - "type": "object" - } - }, - "parameters": {} -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/EntityTypes.json deleted file mode 100644 index cab1cf9bfa6e..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/EntityTypes.json +++ /dev/null @@ -1,2287 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "2025-09-01", - "title": "Common Entity types" - }, - "paths": {}, - "definitions": { - "AccountEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents an account entity.", - "properties": { - "properties": { - "$ref": "#/definitions/AccountEntityProperties", - "description": "Account entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Account" - }, - "AccountEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Account entity property bag.", - "properties": { - "aadTenantId": { - "description": "The Azure Active Directory tenant id.", - "readOnly": true, - "type": "string" - }, - "aadUserId": { - "description": "The Azure Active Directory user id.", - "readOnly": true, - "type": "string" - }, - "accountName": { - "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", - "readOnly": true, - "type": "string" - }, - "displayName": { - "description": "The display name of the account.", - "readOnly": true, - "type": "string" - }, - "hostEntityId": { - "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", - "readOnly": true, - "type": "string" - }, - "isDomainJoined": { - "description": "Determines whether this is a domain account.", - "readOnly": true, - "type": "boolean" - }, - "ntDomain": { - "description": "The NetBIOS domain name as it appears in the alert format - domain\\username. Examples: NT AUTHORITY.", - "readOnly": true, - "type": "string" - }, - "objectGuid": { - "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "puid": { - "description": "The Azure Active Directory Passport User ID.", - "readOnly": true, - "type": "string" - }, - "sid": { - "description": "The account security identifier, e.g. S-1-5-18.", - "readOnly": true, - "type": "string" - }, - "upnSuffix": { - "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", - "readOnly": true, - "type": "string" - }, - "dnsDomain": { - "description": "The fully qualified domain DNS name.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "AzureResourceEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents an azure resource entity.", - "properties": { - "properties": { - "$ref": "#/definitions/AzureResourceEntityProperties", - "description": "AzureResource entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "AzureResource" - }, - "AzureResourceEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "AzureResource entity property bag.", - "properties": { - "resourceId": { - "description": "The azure resource id of the resource", - "readOnly": true, - "type": "string" - }, - "subscriptionId": { - "description": "The subscription id of the resource", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "CloudApplicationEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a cloud application entity.", - "properties": { - "properties": { - "$ref": "#/definitions/CloudApplicationEntityProperties", - "description": "CloudApplication entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "CloudApplication" - }, - "CloudApplicationEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "CloudApplication entity property bag.", - "properties": { - "appId": { - "description": "The technical identifier of the application.", - "readOnly": true, - "type": "integer", - "format": "int32" - }, - "appName": { - "description": "The name of the related cloud application.", - "readOnly": true, - "type": "string" - }, - "instanceName": { - "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "DnsEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a dns entity.", - "properties": { - "properties": { - "$ref": "#/definitions/DnsEntityProperties", - "description": "Dns entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "DnsResolution" - }, - "DnsEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Dns entity property bag.", - "properties": { - "dnsServerIpEntityId": { - "description": "An ip entity id for the dns server resolving the request", - "readOnly": true, - "type": "string" - }, - "domainName": { - "description": "The name of the dns record associated with the alert", - "readOnly": true, - "type": "string" - }, - "hostIpAddressEntityId": { - "description": "An ip entity id for the dns request client", - "readOnly": true, - "type": "string" - }, - "ipAddressEntityIds": { - "description": "Ip entity identifiers for the resolved ip address.", - "items": { - "description": "Ip entity id", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "Entity": { - "allOf": [ - { - "$ref": "../../../../../../../common-types/resource-management/v5/types.json#/definitions/Resource" - } - ], - "properties": { - "kind": { - "$ref": "#/definitions/EntityInnerKind", - "description": "The kind of the entity." - } - }, - "description": "Specific entity.", - "discriminator": "kind", - "type": "object", - "required": [ - "kind" - ] - }, - "EntityEdges": { - "description": "The edge that connects the entity to the other entity.", - "properties": { - "targetEntityId": { - "description": "The target entity Id.", - "type": "string" - }, - "additionalData": { - "additionalProperties": { - "type": "object" - }, - "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", - "type": "object" - } - }, - "type": "object" - }, - "EntityInnerKind": { - "description": "The kind of the entity", - "enum": [ - "Account", - "Host", - "File", - "AzureResource", - "CloudApplication", - "DnsResolution", - "FileHash", - "Ip", - "Malware", - "Process", - "RegistryKey", - "RegistryValue", - "SecurityGroup", - "Url", - "IoTDevice", - "SecurityAlert", - "Bookmark", - "Mailbox", - "MailCluster", - "MailMessage", - "SubmissionMail" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "EntityKindEnum", - "values": [ - { - "description": "Entity represents account in the system.", - "value": "Account" - }, - { - "description": "Entity represents host in the system.", - "value": "Host" - }, - { - "description": "Entity represents file in the system.", - "value": "File" - }, - { - "description": "Entity represents azure resource in the system.", - "value": "AzureResource" - }, - { - "description": "Entity represents cloud application in the system.", - "value": "CloudApplication" - }, - { - "description": "Entity represents dns resolution in the system.", - "value": "DnsResolution" - }, - { - "description": "Entity represents file hash in the system.", - "value": "FileHash" - }, - { - "description": "Entity represents ip in the system.", - "value": "Ip" - }, - { - "description": "Entity represents malware in the system.", - "value": "Malware" - }, - { - "description": "Entity represents process in the system.", - "value": "Process" - }, - { - "description": "Entity represents registry key in the system.", - "value": "RegistryKey" - }, - { - "description": "Entity represents registry value in the system.", - "value": "RegistryValue" - }, - { - "description": "Entity represents security group in the system.", - "value": "SecurityGroup" - }, - { - "description": "Entity represents url in the system.", - "value": "Url" - }, - { - "description": "Entity represents IoT device in the system.", - "value": "IoTDevice" - }, - { - "description": "Entity represents security alert in the system.", - "value": "SecurityAlert" - }, - { - "description": "Entity represents bookmark in the system.", - "value": "Bookmark" - }, - { - "description": "Entity represents mail cluster in the system.", - "value": "MailCluster" - }, - { - "description": "Entity represents mail message in the system.", - "value": "MailMessage" - }, - { - "description": "Entity represents mailbox in the system.", - "value": "Mailbox" - }, - { - "description": "Entity represents submission mail in the system.", - "value": "SubmissionMail" - } - ] - } - }, - "EntityKind": { - "description": "Describes an entity with kind.", - "properties": { - "kind": { - "$ref": "#/definitions/EntityInnerKind", - "description": "The kind of the entity." - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "FileEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a file entity.", - "properties": { - "properties": { - "$ref": "#/definitions/FileEntityProperties", - "description": "File entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "File" - }, - "FileEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "File entity property bag.", - "properties": { - "directory": { - "description": "The full path to the file.", - "readOnly": true, - "type": "string" - }, - "fileHashEntityIds": { - "description": "The file hash entity identifiers associated with this file", - "items": { - "description": "file hash id", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "fileName": { - "description": "The file name without path (some alerts might not include path).", - "readOnly": true, - "type": "string" - }, - "hostEntityId": { - "description": "The Host entity id which the file belongs to", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "FileHashEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a file hash entity.", - "properties": { - "properties": { - "$ref": "#/definitions/FileHashEntityProperties", - "description": "FileHash entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "FileHash" - }, - "FileHashEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "FileHash entity property bag.", - "properties": { - "algorithm": { - "description": "The hash algorithm type.", - "enum": [ - "Unknown", - "MD5", - "SHA1", - "SHA256", - "SHA256AC" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "FileHashAlgorithm", - "values": [ - { - "description": "Unknown hash algorithm", - "value": "Unknown" - }, - { - "description": "MD5 hash type", - "value": "MD5" - }, - { - "description": "SHA1 hash type", - "value": "SHA1" - }, - { - "description": "SHA256 hash type", - "value": "SHA256" - }, - { - "description": "SHA256 Authenticode hash type", - "value": "SHA256AC" - } - ] - } - }, - "hashValue": { - "description": "The file hash value.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "GeoLocation": { - "description": "The geo-location context attached to the ip entity", - "properties": { - "asn": { - "description": "Autonomous System Number", - "readOnly": true, - "type": "integer", - "format": "int32" - }, - "city": { - "description": "City name", - "readOnly": true, - "type": "string" - }, - "countryCode": { - "description": "The country code according to ISO 3166 format", - "readOnly": true, - "type": "string" - }, - "countryName": { - "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", - "readOnly": true, - "type": "string" - }, - "latitude": { - "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.", - "format": "double", - "readOnly": true, - "type": "number" - }, - "longitude": { - "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.", - "format": "double", - "readOnly": true, - "type": "number" - }, - "state": { - "description": "State name", - "readOnly": true, - "type": "string" - } - }, - "readOnly": true, - "type": "object" - }, - "HostEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a host entity.", - "properties": { - "properties": { - "$ref": "#/definitions/HostEntityProperties", - "description": "Host entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Host" - }, - "HostEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Host entity property bag.", - "properties": { - "azureID": { - "description": "The azure resource id of the VM.", - "readOnly": true, - "type": "string" - }, - "dnsDomain": { - "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", - "readOnly": true, - "type": "string" - }, - "hostName": { - "description": "The hostname without the domain suffix.", - "readOnly": true, - "type": "string" - }, - "isDomainJoined": { - "description": "Determines whether this host belongs to a domain.", - "readOnly": true, - "type": "boolean" - }, - "netBiosName": { - "description": "The host name (pre-windows2000).", - "readOnly": true, - "type": "string" - }, - "ntDomain": { - "description": "The NT domain that this host belongs to.", - "readOnly": true, - "type": "string" - }, - "omsAgentID": { - "description": "The OMS agent id, if the host has OMS agent installed.", - "readOnly": true, - "type": "string" - }, - "osFamily": { - "description": "The operating system type.", - "enum": [ - "Linux", - "Windows", - "Android", - "IOS", - "Unknown" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "OSFamily", - "values": [ - { - "description": "Host with Linux operating system.", - "value": "Linux" - }, - { - "description": "Host with Windows operating system.", - "value": "Windows" - }, - { - "description": "Host with Android operating system.", - "value": "Android" - }, - { - "description": "Host with IOS operating system.", - "value": "IOS" - }, - { - "description": "Host with Unknown operating system.", - "value": "Unknown" - } - ] - } - }, - "osVersion": { - "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "HuntingBookmark": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a Hunting bookmark entity.", - "properties": { - "properties": { - "$ref": "#/definitions/HuntingBookmarkProperties", - "description": "HuntingBookmark entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Bookmark" - }, - "HuntingBookmarkProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Describes bookmark properties", - "properties": { - "created": { - "description": "The time the bookmark was created", - "format": "date-time", - "type": "string" - }, - "createdBy": { - "$ref": "./2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that created the bookmark", - "type": "object" - }, - "displayName": { - "description": "The display name of the bookmark", - "type": "string" - }, - "eventTime": { - "description": "The time of the event", - "format": "date-time", - "type": "string" - }, - "labels": { - "description": "List of labels relevant to this bookmark", - "items": { - "$ref": "./2.0/types.json#/definitions/Label" - }, - "type": "array", - "x-ms-identifiers": [] - }, - "notes": { - "description": "The notes of the bookmark", - "type": "string" - }, - "query": { - "description": "The query of the bookmark.", - "type": "string" - }, - "queryResult": { - "description": "The query result of the bookmark.", - "type": "string" - }, - "updated": { - "description": "The last time the bookmark was updated", - "format": "date-time", - "type": "string" - }, - "updatedBy": { - "$ref": "./2.0/types.json#/definitions/UserInfo", - "description": "Describes a user that updated the bookmark", - "type": "object" - }, - "incidentInfo": { - "$ref": "IncidentTypes.json#/definitions/IncidentInfo", - "description": "Describes an incident that relates to bookmark", - "type": "object" - } - }, - "required": [ - "displayName", - "query" - ], - "type": "object" - }, - "IoTDeviceEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents an IoT device entity.", - "properties": { - "properties": { - "$ref": "#/definitions/IoTDeviceEntityProperties", - "description": "IoTDevice entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "IoTDevice" - }, - "IoTDeviceEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "IoTDevice entity property bag.", - "properties": { - "deviceId": { - "description": "The ID of the IoT Device in the IoT Hub", - "readOnly": true, - "type": "string" - }, - "deviceName": { - "description": "The friendly name of the device", - "readOnly": true, - "type": "string" - }, - "source": { - "description": "The source of the device", - "readOnly": true, - "type": "string" - }, - "iotSecurityAgentId": { - "description": "The ID of the security agent running on the device", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "deviceType": { - "description": "The type of the device", - "readOnly": true, - "type": "string" - }, - "vendor": { - "description": "The vendor of the device", - "readOnly": true, - "type": "string" - }, - "edgeId": { - "description": "The ID of the edge device", - "readOnly": true, - "type": "string" - }, - "macAddress": { - "description": "The MAC address of the device", - "readOnly": true, - "type": "string" - }, - "model": { - "description": "The model of the device", - "readOnly": true, - "type": "string" - }, - "serialNumber": { - "description": "The serial number of the device", - "readOnly": true, - "type": "string" - }, - "firmwareVersion": { - "description": "The firmware version of the device", - "readOnly": true, - "type": "string" - }, - "operatingSystem": { - "description": "The operating system of the device", - "readOnly": true, - "type": "string" - }, - "iotHubEntityId": { - "description": "The AzureResource entity id of the IoT Hub", - "readOnly": true, - "type": "string" - }, - "hostEntityId": { - "description": "The Host entity id of this device", - "readOnly": true, - "type": "string" - }, - "ipAddressEntityId": { - "description": "The IP entity if of this device", - "readOnly": true, - "type": "string" - }, - "threatIntelligence": { - "description": "A list of TI contexts attached to the IoTDevice entity.", - "items": { - "$ref": "#/definitions/ThreatIntelligence" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "protocols": { - "description": "A list of protocols of the IoTDevice entity.", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "IpEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents an ip entity.", - "properties": { - "properties": { - "$ref": "#/definitions/IpEntityProperties", - "description": "Ip entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Ip" - }, - "IpEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Ip entity property bag.", - "properties": { - "address": { - "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", - "readOnly": true, - "type": "string" - }, - "location": { - "$ref": "#/definitions/GeoLocation", - "description": "The geo-location context attached to the ip entity" - }, - "threatIntelligence": { - "description": "A list of TI contexts attached to the ip entity.", - "items": { - "$ref": "#/definitions/ThreatIntelligence" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "MailboxEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a mailbox entity.", - "properties": { - "properties": { - "$ref": "#/definitions/MailboxEntityProperties", - "description": "Mailbox entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Mailbox" - }, - "MailboxEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Mailbox entity property bag.", - "properties": { - "mailboxPrimaryAddress": { - "description": "The mailbox's primary address", - "readOnly": true, - "type": "string" - }, - "displayName": { - "description": "The mailbox's display name", - "readOnly": true, - "type": "string" - }, - "upn": { - "description": "The mailbox's UPN", - "readOnly": true, - "type": "string" - }, - "externalDirectoryObjectId": { - "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", - "format": "uuid", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "MailClusterEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a mail cluster entity.", - "properties": { - "properties": { - "$ref": "#/definitions/MailClusterEntityProperties", - "description": "Mail cluster entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MailCluster" - }, - "MailClusterEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Mail cluster entity property bag.", - "properties": { - "networkMessageIds": { - "description": "The mail message IDs that are part of the mail cluster", - "items": { - "description": "A mail message ID", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "countByDeliveryStatus": { - "description": "Count of mail messages by DeliveryStatus string representation", - "readOnly": true, - "type": "object" - }, - "countByThreatType": { - "description": "Count of mail messages by ThreatType string representation", - "readOnly": true, - "type": "object" - }, - "countByProtectionStatus": { - "description": "Count of mail messages by ProtectionStatus string representation", - "readOnly": true, - "type": "object" - }, - "threats": { - "description": "The threats of mail messages that are part of the mail cluster", - "items": { - "description": "A threat", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "query": { - "description": "The query that was used to identify the messages of the mail cluster", - "readOnly": true, - "type": "string" - }, - "queryTime": { - "description": "The query time", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "mailCount": { - "description": "The number of mail messages that are part of the mail cluster", - "readOnly": true, - "type": "integer", - "format": "int32" - }, - "isVolumeAnomaly": { - "description": "Is this a volume anomaly mail cluster", - "readOnly": true, - "type": "boolean" - }, - "source": { - "description": "The source of the mail cluster (default is 'O365 ATP')", - "readOnly": true, - "type": "string" - }, - "clusterSourceIdentifier": { - "description": "The id of the cluster source", - "readOnly": true, - "type": "string" - }, - "clusterSourceType": { - "description": "The type of the cluster source", - "readOnly": true, - "type": "string" - }, - "clusterQueryStartTime": { - "description": "The cluster query start time", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "clusterQueryEndTime": { - "description": "The cluster query end time", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "clusterGroup": { - "description": "The cluster group", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "MailMessageEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a mail message entity.", - "properties": { - "properties": { - "$ref": "#/definitions/MailMessageEntityProperties", - "description": "Mail message entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "MailMessage" - }, - "MailMessageEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Mail message entity property bag.", - "properties": { - "fileEntityIds": { - "description": "The File entity ids of this mail message's attachments", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "recipient": { - "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", - "readOnly": true, - "type": "string" - }, - "urls": { - "description": "The Urls contained in this mail message", - "items": { - "description": "A Url contained in this mail message", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "threats": { - "description": "The threats of this mail message", - "items": { - "description": "A threat of the mail message", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "p1Sender": { - "description": "The p1 sender's email address", - "readOnly": true, - "type": "string" - }, - "p1SenderDisplayName": { - "description": "The p1 sender's display name", - "readOnly": true, - "type": "string" - }, - "p1SenderDomain": { - "description": "The p1 sender's domain", - "readOnly": true, - "type": "string" - }, - "senderIP": { - "description": "The sender's IP address", - "readOnly": true, - "type": "string" - }, - "p2Sender": { - "description": "The p2 sender's email address", - "readOnly": true, - "type": "string" - }, - "p2SenderDisplayName": { - "description": "The p2 sender's display name", - "readOnly": true, - "type": "string" - }, - "p2SenderDomain": { - "description": "The p2 sender's domain", - "readOnly": true, - "type": "string" - }, - "receiveDate": { - "description": "The receive date of this message", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "networkMessageId": { - "description": "The network message id of this mail message", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "internetMessageId": { - "description": "The internet message id of this mail message", - "readOnly": true, - "type": "string" - }, - "subject": { - "description": "The subject of this mail message", - "readOnly": true, - "type": "string" - }, - "language": { - "description": "The language of this mail message", - "readOnly": true, - "type": "string" - }, - "threatDetectionMethods": { - "description": "The threat detection methods", - "items": { - "description": "A threat detection method", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "bodyFingerprintBin1": { - "description": "The bodyFingerprintBin1", - "type": "integer", - "format": "int32" - }, - "bodyFingerprintBin2": { - "description": "The bodyFingerprintBin2", - "type": "integer", - "format": "int32" - }, - "bodyFingerprintBin3": { - "description": "The bodyFingerprintBin3", - "type": "integer", - "format": "int32" - }, - "bodyFingerprintBin4": { - "description": "The bodyFingerprintBin4", - "type": "integer", - "format": "int32" - }, - "bodyFingerprintBin5": { - "description": "The bodyFingerprintBin5", - "type": "integer", - "format": "int32" - }, - "antispamDirection": { - "description": "The directionality of this mail message", - "enum": [ - "Unknown", - "Inbound", - "Outbound", - "Intraorg" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AntispamMailDirection", - "values": [ - { - "description": "Unknown", - "value": "Unknown" - }, - { - "description": "Inbound", - "value": "Inbound" - }, - { - "description": "Outbound", - "value": "Outbound" - }, - { - "description": "Intraorg", - "value": "Intraorg" - } - ] - } - }, - "deliveryAction": { - "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", - "enum": [ - "Unknown", - "DeliveredAsSpam", - "Delivered", - "Blocked", - "Replaced" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "DeliveryAction", - "values": [ - { - "description": "Unknown", - "value": "Unknown" - }, - { - "description": "DeliveredAsSpam", - "value": "DeliveredAsSpam" - }, - { - "description": "Delivered", - "value": "Delivered" - }, - { - "description": "Blocked", - "value": "Blocked" - }, - { - "description": "Replaced", - "value": "Replaced" - } - ] - } - }, - "deliveryLocation": { - "description": "The delivery location of this mail message like Inbox, JunkFolder etc", - "enum": [ - "Unknown", - "Inbox", - "JunkFolder", - "DeletedFolder", - "Quarantine", - "External", - "Failed", - "Dropped", - "Forwarded" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "DeliveryLocation", - "values": [ - { - "description": "Unknown", - "value": "Unknown" - }, - { - "description": "Inbox", - "value": "Inbox" - }, - { - "description": "JunkFolder", - "value": "JunkFolder" - }, - { - "description": "DeletedFolder", - "value": "DeletedFolder" - }, - { - "description": "Quarantine", - "value": "Quarantine" - }, - { - "description": "External", - "value": "External" - }, - { - "description": "Failed", - "value": "Failed" - }, - { - "description": "Dropped", - "value": "Dropped" - }, - { - "description": "Forwarded", - "value": "Forwarded" - } - ] - } - } - }, - "type": "object" - }, - "MalwareEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a malware entity.", - "properties": { - "properties": { - "$ref": "#/definitions/MalwareEntityProperties", - "description": "File entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Malware" - }, - "MalwareEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Malware entity property bag.", - "properties": { - "category": { - "description": "The malware category by the vendor, e.g. Trojan", - "readOnly": true, - "type": "string" - }, - "fileEntityIds": { - "description": "List of linked file entity identifiers on which the malware was found", - "items": { - "description": "file entity id", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "malwareName": { - "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", - "readOnly": true, - "type": "string" - }, - "processEntityIds": { - "description": "List of linked process entity identifiers on which the malware was found.", - "items": { - "description": "process entity id", - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "ProcessEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a process entity.", - "properties": { - "properties": { - "$ref": "#/definitions/ProcessEntityProperties", - "description": "Process entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Process" - }, - "ProcessEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Process entity property bag.", - "properties": { - "accountEntityId": { - "description": "The account entity id running the processes.", - "readOnly": true, - "type": "string" - }, - "commandLine": { - "description": "The command line used to create the process", - "readOnly": true, - "type": "string" - }, - "creationTimeUtc": { - "description": "The time when the process started to run", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "elevationToken": { - "description": "The elevation token associated with the process.", - "enum": [ - "Default", - "Full", - "Limited" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": false, - "name": "ElevationToken", - "values": [ - { - "description": "Default elevation token", - "value": "Default" - }, - { - "description": "Full elevation token", - "value": "Full" - }, - { - "description": "Limited elevation token", - "value": "Limited" - } - ] - } - }, - "hostEntityId": { - "description": "The host entity id on which the process was running", - "readOnly": true, - "type": "string" - }, - "hostLogonSessionEntityId": { - "description": "The session entity id in which the process was running", - "readOnly": true, - "type": "string" - }, - "imageFileEntityId": { - "description": "Image file entity id", - "readOnly": true, - "type": "string" - }, - "parentProcessEntityId": { - "description": "The parent process entity id.", - "readOnly": true, - "type": "string" - }, - "processId": { - "description": "The process ID", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "RegistryKeyEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a registry key entity.", - "properties": { - "properties": { - "$ref": "#/definitions/RegistryKeyEntityProperties", - "description": "RegistryKey entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "RegistryKey" - }, - "RegistryKeyEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "RegistryKey entity property bag.", - "properties": { - "hive": { - "description": "the hive that holds the registry key.", - "enum": [ - "HKEY_LOCAL_MACHINE", - "HKEY_CLASSES_ROOT", - "HKEY_CURRENT_CONFIG", - "HKEY_USERS", - "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "HKEY_PERFORMANCE_DATA", - "HKEY_PERFORMANCE_NLSTEXT", - "HKEY_PERFORMANCE_TEXT", - "HKEY_A", - "HKEY_CURRENT_USER" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "RegistryHive", - "values": [ - { - "description": "HKEY_LOCAL_MACHINE", - "value": "HKEY_LOCAL_MACHINE" - }, - { - "description": "HKEY_CLASSES_ROOT", - "value": "HKEY_CLASSES_ROOT" - }, - { - "description": "HKEY_CURRENT_CONFIG", - "value": "HKEY_CURRENT_CONFIG" - }, - { - "description": "HKEY_USERS", - "value": "HKEY_USERS" - }, - { - "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" - }, - { - "description": "HKEY_PERFORMANCE_DATA", - "value": "HKEY_PERFORMANCE_DATA" - }, - { - "description": "HKEY_PERFORMANCE_NLSTEXT", - "value": "HKEY_PERFORMANCE_NLSTEXT" - }, - { - "description": "HKEY_PERFORMANCE_TEXT", - "value": "HKEY_PERFORMANCE_TEXT" - }, - { - "description": "HKEY_A", - "value": "HKEY_A" - }, - { - "description": "HKEY_CURRENT_USER", - "value": "HKEY_CURRENT_USER" - } - ] - } - }, - "key": { - "description": "The registry key path.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "RegistryValueEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a registry value entity.", - "properties": { - "properties": { - "$ref": "#/definitions/RegistryValueEntityProperties", - "description": "RegistryKey entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "RegistryValue" - }, - "RegistryValueEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "RegistryValue entity property bag.", - "properties": { - "keyEntityId": { - "description": "The registry key entity id.", - "readOnly": true, - "type": "string" - }, - "valueData": { - "description": "String formatted representation of the value data.", - "readOnly": true, - "type": "string" - }, - "valueName": { - "description": "The registry value name.", - "readOnly": true, - "type": "string" - }, - "valueType": { - "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", - "enum": [ - "None", - "Unknown", - "String", - "ExpandString", - "Binary", - "DWord", - "MultiString", - "QWord" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "RegistryValueKind", - "values": [ - { - "description": "None", - "value": "None" - }, - { - "description": "Unknown value type", - "value": "Unknown" - }, - { - "description": "String value type", - "value": "String" - }, - { - "description": "ExpandString value type", - "value": "ExpandString" - }, - { - "description": "Binary value type", - "value": "Binary" - }, - { - "description": "DWord value type", - "value": "DWord" - }, - { - "description": "MultiString value type", - "value": "MultiString" - }, - { - "description": "QWord value type", - "value": "QWord" - } - ] - } - } - }, - "type": "object" - }, - "SecurityAlert": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a security alert entity.", - "properties": { - "properties": { - "$ref": "#/definitions/SecurityAlertProperties", - "description": "SecurityAlert entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "SecurityAlert" - }, - "SecurityAlertProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "SecurityAlert entity property bag.", - "properties": { - "alertDisplayName": { - "description": "The display name of the alert.", - "readOnly": true, - "type": "string" - }, - "alertType": { - "description": "The type name of the alert.", - "readOnly": true, - "type": "string" - }, - "compromisedEntity": { - "description": "Display name of the main entity being reported on.", - "readOnly": true, - "type": "string" - }, - "confidenceLevel": { - "description": "The confidence level of this alert.", - "enum": [ - "Unknown", - "Low", - "High" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "ConfidenceLevel", - "values": [ - { - "description": "Unknown confidence, the is the default value", - "value": "Unknown" - }, - { - "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", - "value": "Low" - }, - { - "description": "High confidence that the alert is true positive malicious", - "value": "High" - } - ] - } - }, - "confidenceReasons": { - "description": "The confidence reasons", - "items": { - "description": "confidence reason item", - "properties": { - "reason": { - "description": "The reason's description", - "readOnly": true, - "type": "string" - }, - "reasonType": { - "description": "The type (category) of the reason", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "confidenceScore": { - "description": "The confidence score of the alert.", - "format": "double", - "readOnly": true, - "type": "number" - }, - "confidenceScoreStatus": { - "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", - "enum": [ - "NotApplicable", - "InProcess", - "NotFinal", - "Final" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "ConfidenceScoreStatus", - "values": [ - { - "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", - "value": "NotApplicable" - }, - { - "description": "No score was set yet and calculation is in progress", - "value": "InProcess" - }, - { - "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", - "value": "NotFinal" - }, - { - "description": "Final score was calculated and available", - "value": "Final" - } - ] - } - }, - "description": { - "description": "Alert description.", - "readOnly": true, - "type": "string" - }, - "endTimeUtc": { - "description": "The impact end time of the alert (the time of the last event contributing to the alert).", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "intent": { - "description": "Holds the alert intent stage(s) mapping for this alert.", - "enum": [ - "Unknown", - "Probing", - "Exploitation", - "Persistence", - "PrivilegeEscalation", - "DefenseEvasion", - "CredentialAccess", - "Discovery", - "LateralMovement", - "Execution", - "Collection", - "Exfiltration", - "CommandAndControl", - "Impact" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "KillChainIntent", - "values": [ - { - "description": "The default value.", - "value": "Unknown" - }, - { - "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", - "value": "Probing" - }, - { - "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", - "value": "Exploitation" - }, - { - "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", - "value": "Persistence" - }, - { - "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", - "value": "PrivilegeEscalation" - }, - { - "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", - "value": "DefenseEvasion" - }, - { - "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", - "value": "CredentialAccess" - }, - { - "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", - "value": "Discovery" - }, - { - "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", - "value": "LateralMovement" - }, - { - "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", - "value": "Execution" - }, - { - "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", - "value": "Collection" - }, - { - "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", - "value": "Exfiltration" - }, - { - "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", - "value": "CommandAndControl" - }, - { - "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", - "value": "Impact" - } - ] - } - }, - "providerAlertId": { - "description": "The identifier of the alert inside the product which generated the alert.", - "readOnly": true, - "type": "string" - }, - "processingEndTime": { - "description": "The time the alert was made available for consumption.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "productComponentName": { - "description": "The name of a component inside the product which generated the alert.", - "readOnly": true, - "type": "string" - }, - "productName": { - "description": "The name of the product which published this alert.", - "readOnly": true, - "type": "string" - }, - "productVersion": { - "description": "The version of the product generating the alert.", - "readOnly": true, - "type": "string" - }, - "remediationSteps": { - "description": "Manual action items to take to remediate the alert.", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "severity": { - "$ref": "AlertTypes.json#/definitions/AlertSeverityEnum", - "description": "The severity of the alert" - }, - "startTimeUtc": { - "description": "The impact start time of the alert (the time of the first event contributing to the alert).", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "status": { - "description": "The lifecycle status of the alert.", - "enum": [ - "Unknown", - "New", - "Resolved", - "Dismissed", - "InProgress" - ], - "readOnly": true, - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AlertStatus", - "values": [ - { - "description": "Unknown value", - "value": "Unknown" - }, - { - "description": "New alert", - "value": "New" - }, - { - "description": "Alert closed after handling", - "value": "Resolved" - }, - { - "description": "Alert dismissed as false positive", - "value": "Dismissed" - }, - { - "description": "Alert is being handled", - "value": "InProgress" - } - ] - } - }, - "systemAlertId": { - "description": "Holds the product identifier of the alert for the product.", - "readOnly": true, - "type": "string" - }, - "tactics": { - "description": "The tactics of the alert", - "items": { - "$ref": "AlertTypes.json#/definitions/AttackTactic" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - }, - "timeGenerated": { - "description": "The time the alert was generated.", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "vendorName": { - "description": "The name of the vendor that raise the alert.", - "readOnly": true, - "type": "string" - }, - "alertLink": { - "description": "The uri link of the alert.", - "readOnly": true, - "type": "string" - }, - "resourceIdentifiers": { - "description": "The list of resource identifiers of the alert.", - "items": { - "type": "object" - }, - "readOnly": true, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object" - }, - "SecurityGroupEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a security group entity.", - "properties": { - "properties": { - "$ref": "#/definitions/SecurityGroupEntityProperties", - "description": "SecurityGroup entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "SecurityGroup" - }, - "SecurityGroupEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "SecurityGroup entity property bag.", - "properties": { - "distinguishedName": { - "description": "The group distinguished name", - "readOnly": true, - "type": "string" - }, - "objectGuid": { - "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "sid": { - "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "SubmissionMailEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a submission mail entity.", - "properties": { - "properties": { - "$ref": "#/definitions/SubmissionMailEntityProperties", - "description": "Submission mail entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "SubmissionMail" - }, - "SubmissionMailEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Submission mail entity property bag.", - "properties": { - "networkMessageId": { - "description": "The network message id of email to which submission belongs", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "submissionId": { - "description": "The submission id", - "format": "uuid", - "readOnly": true, - "type": "string" - }, - "submitter": { - "description": "The submitter", - "readOnly": true, - "type": "string" - }, - "submissionDate": { - "description": "The submission date", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "timestamp": { - "description": "The Time stamp when the message is received (Mail)", - "format": "date-time", - "readOnly": true, - "type": "string" - }, - "recipient": { - "description": "The recipient of the mail", - "readOnly": true, - "type": "string" - }, - "sender": { - "description": "The sender of the mail", - "readOnly": true, - "type": "string" - }, - "senderIp": { - "description": "The sender's IP", - "readOnly": true, - "type": "string" - }, - "subject": { - "description": "The subject of submission mail", - "readOnly": true, - "type": "string" - }, - "reportType": { - "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "ThreatIntelligence": { - "description": "ThreatIntelligence property bag.", - "properties": { - "confidence": { - "description": "Confidence (must be between 0 and 1)", - "format": "double", - "readOnly": true, - "type": "number" - }, - "providerName": { - "description": "Name of the provider from whom this Threat Intelligence information was received", - "readOnly": true, - "type": "string" - }, - "reportLink": { - "description": "Report link", - "readOnly": true, - "type": "string" - }, - "threatDescription": { - "description": "Threat description (free text)", - "readOnly": true, - "type": "string" - }, - "threatName": { - "description": "Threat name (e.g. \"Jedobot malware\")", - "readOnly": true, - "type": "string" - }, - "threatType": { - "description": "Threat type (e.g. \"Botnet\")", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "UrlEntity": { - "allOf": [ - { - "$ref": "#/definitions/Entity" - } - ], - "description": "Represents a url entity.", - "properties": { - "properties": { - "$ref": "#/definitions/UrlEntityProperties", - "description": "Url entity properties", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-discriminator-value": "Url" - }, - "UrlEntityProperties": { - "allOf": [ - { - "$ref": "#/definitions/EntityCommonProperties" - } - ], - "description": "Url entity property bag.", - "properties": { - "url": { - "description": "A full URL the entity points to", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "EntityCommonProperties": { - "description": "Entity common property bag.", - "properties": { - "additionalData": { - "additionalProperties": true, - "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", - "readOnly": true, - "type": "object" - }, - "friendlyName": { - "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - } - }, - "parameters": {} -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/IncidentTypes.json deleted file mode 100644 index 0df99aa8f6bb..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/IncidentTypes.json +++ /dev/null @@ -1,246 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "2025-09-01", - "title": "Common Incident types" - }, - "paths": {}, - "definitions": { - "IncidentClassificationEnum": { - "description": "The reason the incident was closed", - "enum": [ - "Undetermined", - "TruePositive", - "BenignPositive", - "FalsePositive" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentClassification", - "values": [ - { - "description": "Incident classification was undetermined", - "value": "Undetermined" - }, - { - "description": "Incident was true positive", - "value": "TruePositive" - }, - { - "description": "Incident was benign positive", - "value": "BenignPositive" - }, - { - "description": "Incident was false positive", - "value": "FalsePositive" - } - ] - } - }, - "IncidentClassificationReasonEnum": { - "description": "The classification reason the incident was closed with", - "enum": [ - "SuspiciousActivity", - "SuspiciousButExpected", - "IncorrectAlertLogic", - "InaccurateData" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentClassificationReason", - "values": [ - { - "description": "Classification reason was suspicious activity", - "value": "SuspiciousActivity" - }, - { - "description": "Classification reason was suspicious but expected", - "value": "SuspiciousButExpected" - }, - { - "description": "Classification reason was incorrect alert logic", - "value": "IncorrectAlertLogic" - }, - { - "description": "Classification reason was inaccurate data", - "value": "InaccurateData" - } - ] - } - }, - "IncidentLabel": { - "description": "Represents an incident label", - "properties": { - "labelName": { - "description": "The name of the label", - "type": "string" - }, - "labelType": { - "$ref": "#/definitions/IncidentLabelType" - } - }, - "required": [ - "labelName" - ], - "type": "object" - }, - "IncidentLabelType": { - "description": "The type of the label", - "enum": [ - "User", - "AutoAssigned" - ], - "type": "string", - "readOnly": true, - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentLabelType", - "values": [ - { - "description": "Label manually created by a user", - "value": "User" - }, - { - "description": "Label automatically created by the system", - "value": "AutoAssigned" - } - ] - } - }, - "IncidentSeverityEnum": { - "description": "The severity of the incident", - "enum": [ - "High", - "Medium", - "Low", - "Informational" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentSeverity", - "values": [ - { - "description": "High severity", - "value": "High" - }, - { - "description": "Medium severity", - "value": "Medium" - }, - { - "description": "Low severity", - "value": "Low" - }, - { - "description": "Informational severity", - "value": "Informational" - } - ] - } - }, - "IncidentStatusEnum": { - "description": "The status of the incident", - "enum": [ - "New", - "Active", - "Closed" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentStatus", - "values": [ - { - "description": "An active incident which isn't being handled currently", - "value": "New" - }, - { - "description": "An active incident which is being handled", - "value": "Active" - }, - { - "description": "A non-active incident", - "value": "Closed" - } - ] - } - }, - "IncidentOwnerInfo": { - "description": "Information on the user an incident is assigned to", - "properties": { - "email": { - "description": "The email of the user the incident is assigned to.", - "type": "string" - }, - "assignedTo": { - "description": "The name of the user the incident is assigned to.", - "type": "string" - }, - "objectId": { - "description": "The object id of the user the incident is assigned to.", - "format": "uuid", - "type": "string" - }, - "userPrincipalName": { - "description": "The user principal name of the user the incident is assigned to.", - "type": "string" - }, - "ownerType": { - "description": "The type of the owner the incident is assigned to.", - "type": "string", - "enum": [ - "Unknown", - "User", - "Group" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "OwnerType", - "values": [ - { - "description": "The incident owner type is unknown", - "value": "Unknown" - }, - { - "description": "The incident owner type is an AAD user", - "value": "User" - }, - { - "description": "The incident owner type is an AAD group", - "value": "Group" - } - ] - } - } - }, - "type": "object" - }, - "IncidentInfo": { - "description": "Describes related incident information for the bookmark", - "properties": { - "incidentId": { - "description": "Incident Id", - "type": "string" - }, - "severity": { - "description": "The severity of the incident", - "type": "string", - "$ref": "#/definitions/IncidentSeverityEnum" - }, - "title": { - "description": "The title of the incident", - "type": "string" - }, - "relationName": { - "description": "Relation Name", - "type": "string" - } - }, - "type": "object" - } - }, - "parameters": {} -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/dataConnectorDefinitions.json deleted file mode 100644 index 220a3dc2dc9c..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/dataConnectorDefinitions.json +++ /dev/null @@ -1,706 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { - "get": { - "x-ms-examples": { - "Get all data connector definitions.": { - "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" - } - }, - "tags": [ - "ConnectorDefinitions" - ], - "description": "Gets all data connector definitions.", - "operationId": "DataConnectorDefinitions_List", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { - "get": { - "x-ms-examples": { - "Get customize data connector definition": { - "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json" - } - }, - "tags": [ - "ConnectorDefinitions" - ], - "description": "Gets a data connector definition.", - "operationId": "DataConnectorDefinitions_Get", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/dataConnectorDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "Success", - "schema": { - "$ref": "#/definitions/DataConnectorDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Create data connector definition": { - "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" - } - }, - "tags": [ - "ConnectorDefinitions" - ], - "description": "Creates or updates the data connector definition.", - "operationId": "DataConnectorDefinitions_CreateOrUpdate", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/dataConnectorDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "in": "body", - "name": "connectorDefinitionInput", - "required": true, - "schema": { - "$ref": "#/definitions/DataConnectorDefinition" - }, - "description": "The data connector definition", - "x-ms-parameter-location": "method" - } - ], - "responses": { - "200": { - "description": "Updated", - "schema": { - "$ref": "#/definitions/DataConnectorDefinition" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/DataConnectorDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete data connector definition": { - "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" - } - }, - "tags": [ - "ConnectorDefinitions" - ], - "description": "Delete the data connector definition.", - "operationId": "DataConnectorDefinitions_Delete", - "produces": [ - "application/json" - ], - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "./common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/dataConnectorDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "Success" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - } - } - } - }, - "definitions": { - "ConnectorDefinitionsAvailability": { - "description": "The exposure status of the connector to the customers.", - "type": "object", - "properties": { - "status": { - "$ref": "#/definitions/AvailabilityStatus" - }, - "isPreview": { - "description": "Gets or sets a value indicating whether the connector is preview.", - "type": "boolean" - } - } - }, - "AvailabilityStatus": { - "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal).", - "type": "integer", - "format": "int32" - }, - "ConnectivityCriterion": { - "description": "The criteria by which we determine whether the connector is connected or not.\r\nFor Example, use a KQL query to check if the expected data type is flowing).", - "required": [ - "type" - ], - "type": "object", - "properties": { - "type": { - "description": "Gets or sets the type of connectivity.", - "type": "string" - }, - "value": { - "description": "Gets or sets the queries for checking connectivity.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "ConnectorDataType": { - "description": "The data type which is created by the connector,\r\nincluding a query indicated when was the last time that data type was received in the workspace.", - "required": [ - "lastDataReceivedQuery", - "name" - ], - "type": "object", - "properties": { - "name": { - "description": "Gets or sets the name of the data type to show in the graph.", - "type": "string" - }, - "lastDataReceivedQuery": { - "description": "Gets or sets the query to indicate when relevant data was last received in the workspace.", - "type": "string" - } - } - }, - "DataConnectorDefinition": { - "allOf": [ - { - "$ref": "./common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "required": [ - "kind" - ], - "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", - "type": "object", - "properties": { - "kind": { - "$ref": "#/definitions/DataConnectorDefinitionKind", - "description": "The data connector kind", - "type": "string" - } - }, - "discriminator": "kind" - }, - "DataConnectorDefinitionKind": { - "description": "The kind of the data connector definitions", - "enum": [ - "Customizable" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "DataConnectorDefinitionKind", - "values": [ - { - "value": "Customizable" - } - ] - } - }, - "DataConnectorDefinitionArmCollectionWrapper": { - "type": "object", - "description": "Encapsulate the data connector definition object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/DataConnectorDefinition" - } - }, - "nextLink": { - "type": "string" - } - } - }, - "CustomizableConnectorDefinition": { - "description": "Connector definition for kind 'Customizable'.", - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/DataConnectorDefinition" - } - ], - "properties": { - "properties": { - "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", - "description": "Customizable properties.", - "x-ms-client-flatten": true - } - }, - "x-ms-discriminator-value": "Customizable" - }, - "CustomizableConnectorDefinitionProperties": { - "description": "The UiConfig for 'Customizable' connector definition kind.", - "type": "object", - "required": [ - "connectorUiConfig" - ], - "properties": { - "createdTimeUtc": { - "format": "date-time", - "description": "Gets or sets the connector definition created date in UTC format.", - "type": "string" - }, - "lastModifiedUtc": { - "format": "date-time", - "description": "Gets or sets the connector definition last modified date in UTC format.", - "type": "string" - }, - "connectorUiConfig": { - "$ref": "#/definitions/CustomizableConnectorUiConfig" - }, - "connectionsConfig": { - "$ref": "#/definitions/CustomizableConnectionsConfig" - } - } - }, - "CustomizableConnectionsConfig": { - "description": "The UiConfig for 'Customizable' connector definition kind.", - "required": [ - "templateSpecVersion", - "templateSpecName" - ], - "type": "object", - "properties": { - "templateSpecName": { - "description": "Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates.", - "type": "string" - }, - "templateSpecVersion": { - "description": "Gets or sets the template version.", - "type": "string" - } - } - }, - "CustomizableConnectorUiConfig": { - "description": "The UiConfig for 'Customizable' connector definition kind.", - "required": [ - "dataTypes", - "descriptionMarkdown", - "graphQueries", - "instructionSteps", - "permissions", - "publisher", - "title", - "connectivityCriteria" - ], - "type": "object", - "properties": { - "id": { - "description": "Gets or sets custom connector id. optional field.", - "type": "string" - }, - "title": { - "description": "Gets or sets the connector blade title.", - "type": "string" - }, - "publisher": { - "description": "Gets or sets the connector publisher name.", - "type": "string" - }, - "descriptionMarkdown": { - "description": "Gets or sets the connector description in markdown format.", - "type": "string" - }, - "graphQueries": { - "description": "Gets or sets the graph queries to show the current data volume over time.", - "type": "array", - "items": { - "$ref": "#/definitions/GraphQuery" - }, - "x-ms-identifiers": [] - }, - "dataTypes": { - "description": "Gets or sets the data types to check for last data received.", - "type": "array", - "items": { - "$ref": "#/definitions/ConnectorDataType" - }, - "x-ms-identifiers": [] - }, - "connectivityCriteria": { - "description": "Gets or sets the way the connector checks whether the connector is connected.", - "type": "array", - "items": { - "$ref": "#/definitions/ConnectivityCriterion" - }, - "x-ms-identifiers": [] - }, - "availability": { - "$ref": "#/definitions/ConnectorDefinitionsAvailability" - }, - "permissions": { - "$ref": "#/definitions/ConnectorDefinitionsPermissions" - }, - "instructionSteps": { - "description": "Gets or sets the instruction steps to enable the connector.", - "type": "array", - "items": { - "$ref": "#/definitions/InstructionStep" - }, - "x-ms-identifiers": [] - }, - "logo": { - "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\r\nThe logo value should be in SVG format.", - "type": "string" - }, - "isConnectivityCriteriasMatchSome": { - "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items.", - "type": "boolean" - } - } - }, - "CustomPermissionDetails": { - "description": "The Custom permissions required for the connector.", - "required": [ - "description", - "name" - ], - "type": "object", - "properties": { - "name": { - "description": "Gets or sets the custom permissions name.", - "type": "string" - }, - "description": { - "description": "Gets or sets the custom permissions description.", - "type": "string" - } - } - }, - "GraphQuery": { - "description": "The graph query to show the volume of data arriving into the workspace over time.", - "required": [ - "baseQuery", - "legend", - "metricName" - ], - "type": "object", - "properties": { - "metricName": { - "description": "Gets or sets the metric name that the query is checking. For example: 'Total data receive'.", - "type": "string" - }, - "legend": { - "description": "Gets or sets the legend for the graph.", - "type": "string" - }, - "baseQuery": { - "description": "Gets or sets the base query for the graph.\r\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time.", - "type": "string" - } - } - }, - "InstructionStep": { - "description": "Instruction steps to enable the connector.", - "type": "object", - "properties": { - "title": { - "description": "Gets or sets the instruction step title.", - "type": "string" - }, - "description": { - "description": "Gets or sets the instruction step description.", - "type": "string" - }, - "instructions": { - "description": "Gets or sets the instruction step details.", - "type": "array", - "items": { - "$ref": "#/definitions/InstructionStepDetails" - }, - "x-ms-identifiers": [] - }, - "innerSteps": { - "description": "Gets or sets the inner instruction steps details.\r\nFor Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", - "type": "array", - "items": { - "$ref": "#/definitions/InstructionStep" - }, - "x-ms-identifiers": [] - } - } - }, - "InstructionStepDetails": { - "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", - "required": [ - "parameters", - "type" - ], - "type": "object", - "properties": { - "parameters": { - "description": "Gets or sets the instruction type parameters settings.", - "type": "object" - }, - "type": { - "description": "Gets or sets the instruction type name.", - "type": "string" - } - } - }, - "ConnectorDefinitionsPermissions": { - "description": "The required Permissions for the connector.", - "type": "object", - "properties": { - "tenant": { - "description": "Gets or sets the required tenant permissions for the connector.", - "type": "array", - "items": { - "type": "string" - } - }, - "licenses": { - "description": "Gets or sets the required licenses for the user to create connections.", - "type": "array", - "items": { - "type": "string" - } - }, - "resourceProvider": { - "description": "Gets or sets the resource provider permissions required for the user to create connections.", - "type": "array", - "items": { - "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" - }, - "x-ms-identifiers": [] - }, - "customs": { - "description": "Gets or sets the customs permissions required for the user to create connections.", - "type": "array", - "items": { - "$ref": "#/definitions/CustomPermissionDetails" - }, - "x-ms-identifiers": [] - } - } - }, - "ProviderPermissionsScope": { - "description": "The scope on which the user should have permissions, in order to be able to create connections.", - "enum": [ - "Subscription", - "ResourceGroup", - "Workspace" - ], - "type": "string", - "example": "Subscription", - "x-ms-enum": { - "name": "ProviderPermissionsScope", - "modelAsString": true, - "values": [ - { - "value": "Subscription" - }, - { - "value": "ResourceGroup" - }, - { - "value": "Workspace" - } - ] - } - }, - "ConnectorDefinitionsResourceProvider": { - "description": "The resource provider details include the required permissions for the user to create connections.\r\nThe user should have the required permissions(Read\\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.", - "required": [ - "permissionsDisplayText", - "provider", - "providerDisplayName", - "requiredPermissions", - "scope" - ], - "type": "object", - "properties": { - "provider": { - "description": "Gets or sets the provider name.", - "type": "string" - }, - "permissionsDisplayText": { - "description": "Gets or sets the permissions description text.", - "type": "string" - }, - "providerDisplayName": { - "description": "Gets or sets the permissions provider display name.", - "type": "string" - }, - "scope": { - "$ref": "#/definitions/ProviderPermissionsScope" - }, - "requiredPermissions": { - "$ref": "#/definitions/ResourceProviderRequiredPermissions" - } - } - }, - "ResourceProviderRequiredPermissions": { - "description": "Required permissions for the connector resource provider that define in ResourceProviders.\r\nFor more information about the permissions see here.", - "type": "object", - "properties": { - "read": { - "description": "Gets or sets a value indicating whether the permission is read action (GET).", - "type": "boolean" - }, - "write": { - "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH).", - "type": "boolean" - }, - "delete": { - "description": "Gets or sets a value indicating whether the permission is delete action (DELETE).", - "type": "boolean" - }, - "action": { - "description": "Gets or sets a value indicating whether the permission is custom actions (POST).", - "type": "boolean" - } - } - } - }, - "parameters": { - "dataConnectorDefinitionName": { - "in": "path", - "name": "dataConnectorDefinitionName", - "description": "The data connector definition name.", - "required": true, - "type": "string", - "pattern": "^[a-z0-9A-Z-_]*$", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/operations.json deleted file mode 100644 index 95b211348880..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/operations.json +++ /dev/null @@ -1,139 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2025-09-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/providers/Microsoft.SecurityInsights/operations": { - "get": { - "x-ms-examples": { - "Get all operations.": { - "$ref": "./examples/operations/ListOperations.json" - } - }, - "operationId": "Operations_List", - "description": "Lists all operations available Azure Security Insights Resource Provider.", - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "OK. Successfully retrieved operations list.", - "schema": { - "$ref": "#/definitions/OperationsList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "./common/2.0/types.json#/definitions/CloudError" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - } - }, - "definitions": { - "OperationsList": { - "description": "Lists the operations available in the SecurityInsights RP.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of operations.", - "type": "string", - "readOnly": true - }, - "value": { - "description": "Array of operations", - "items": { - "$ref": "#/definitions/Operation" - }, - "type": "array", - "x-ms-identifiers": [] - } - }, - "type": "object", - "required": [ - "value" - ] - }, - "Operation": { - "description": "Operation provided by provider", - "properties": { - "display": { - "description": "Properties of the operation", - "properties": { - "description": { - "description": "Description of the operation", - "type": "string" - }, - "operation": { - "description": "Operation name", - "type": "string" - }, - "provider": { - "description": "Provider name", - "type": "string" - }, - "resource": { - "description": "Resource name", - "type": "string" - } - }, - "type": "object" - }, - "name": { - "description": "Name of the operation", - "type": "string" - }, - "origin": { - "description": "The origin of the operation", - "type": "string" - }, - "isDataAction": { - "description": "Indicates whether the operation is a data action", - "type": "boolean" - } - }, - "type": "object" - } - }, - "parameters": {} -} From 4e19e031018d6a2c058d2fc2056294a331a5ff98 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 15:33:36 +0300 Subject: [PATCH 09/38] Add tag package-preview-2025-10-01 to readme --- .../SecurityInsights/readme.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md index 3eb356fd902b..525f12010519 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/readme.md @@ -32,6 +32,58 @@ tag: package-2025-09-01 --- +### Tag: package-preview-2025-10-01 + +These settings apply only when `--tag=package-preview-2025-10-01` is specified on the command line. + +```yaml $(tag) == 'package-preview-2025-10-01' +input-file: + - preview/2025-10-01-preview/openapi.json +suppressions: + - code: AvoidAdditionalProperties + from: dataConnectors.json + reason: These properties are unknown and need to be specified by the customer (each request can have different values) + - code: AvoidAdditionalProperties + from: Entities.json + reason: These properties are unknown and changed frequently (each request can have different values for each entity) + - code: AvoidAdditionalProperties + from: EntityQueries.json + reason: These properties are unknown and changed frequently (each request can have different values for each entity) + - code: AvoidAdditionalProperties + from: EntityQueryTemplates.json + reason: These properties are unknown and changed frequently (each request can have different values for each entity) + - code: AvoidAdditionalProperties + from: AlertRules.json + reason: These properties are unknown and changed frequently (each request can have different values for each entity) + - code: AvoidAdditionalProperties + from: Recommendations.json + reason: These properties are unknown and changed frequently (each request can have different values for each entity) + - code: AvoidAnonymousTypes + from: Recommendations.json + reason: These properties are unknown (each request can have different values for each entity) + - code: AvoidAdditionalProperties + from: TriggeredAnalyticsRuleRuns.json + reason: TriggeredAnalyticsRuleRun does not include a property called "additionalProperties", it is only used to mark that 'ruleRunAdditionalData' is a dictionary or string to object. + - code: AvoidAdditionalProperties + from: ThreatIntelligenceQuery.json + reason: These properties are required in current API. The team is working on a new version of API to resolve it in the future release. + - code: GetCollectionOnlyHasValueAndNextLink + from: Entities.json + reason: This API is published to customers and we have not changed it in the past year, nor will we be able to change it without breaking changes to customers. + - code: DefinitionsPropertiesNamesCamelCase + from: Entities.json + reason: This API is published to customers and we have not changed it in the past year, nor will we be able to change it without breaking changes to customers. + - code: RequiredPropertiesMissingInResourceModel + from: Entities.json + reason: This API is published to customers and we have not changed it in the past year, nor will we be able to change it without breaking changes to customers. + - code: PutRequestResponseSchemeArm + from: EntityQueries.json + reason: This API is published to customers and we have not changed it in the past year, nor will we be able to change it without breaking changes to customers. + - code: DeleteResponseCodes + from: FileImports.json + reason: This API is published to customers and we have not changed it in the past year, nor will we be able to change it without breaking changes to customers. +``` + ### Tag: package-2025-09-01 These settings apply only when `--tag=package-2025-09-01` is specified on the command line. From 5595a63fef2f535a7b50da4e8fb3fbca17b3b694 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 16:52:38 +0300 Subject: [PATCH 10/38] Revert AATP/MCAS/MDATP/MSTI model names to PascalCase to fix casing-style lint --- .../SecurityInsights/back-compatible.tsp | 32 ++++++++--------- .../SecurityInsights/models.tsp | 34 +++++++++---------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp index ff4e1d6e055a..0995c9fd6a99 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp @@ -81,7 +81,7 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(AADCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(AATPCheckRequirements.properties); +@@Legacy.flattenProperty(AatpCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty(ASCCheckRequirements.properties); @@ -90,13 +90,13 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(Dynamics365CheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MCASCheckRequirements.properties); +@@Legacy.flattenProperty(McasCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MDATPCheckRequirements.properties); +@@Legacy.flattenProperty(MdatpCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MSTICheckRequirements.properties); +@@Legacy.flattenProperty(MstiCheckRequirements.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty(MtpCheckRequirements.properties); @@ -134,7 +134,7 @@ using Microsoft.SecurityInsights; @@Legacy.flattenProperty(AADDataConnector.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -@@Legacy.flattenProperty(MSTIDataConnector.properties); +@@Legacy.flattenProperty(MstiDataConnector.properties); #suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @@Legacy.flattenProperty( @@ -693,24 +693,24 @@ using Microsoft.SecurityInsights; @@clientName(OutputType, "outputType"); @@clientName(JobItem, "jobItem"); -@@clientName(MCASCheckRequirements, "MCASCheckRequirements"); +@@clientName(McasCheckRequirements, "MCASCheckRequirements"); @@clientName( - MCASCheckRequirementsProperties, + McasCheckRequirementsProperties, "MCASCheckRequirementsProperties" ); -@@clientName(MDATPCheckRequirements, "MDATPCheckRequirements"); +@@clientName(MdatpCheckRequirements, "MDATPCheckRequirements"); @@clientName( - MDATPCheckRequirementsProperties, + MdatpCheckRequirementsProperties, "MDATPCheckRequirementsProperties" ); -@@clientName(MSTICheckRequirements, "MSTICheckRequirements"); +@@clientName(MstiCheckRequirements, "MSTICheckRequirements"); @@clientName( - MSTICheckRequirementsProperties, + MstiCheckRequirementsProperties, "MSTICheckRequirementsProperties" ); -@@clientName(MSTIDataConnector, "MSTIDataConnector"); -@@clientName(MSTIDataConnectorProperties, "MSTIDataConnectorProperties"); -@@clientName(MSTIDataConnectorDataTypes, "MSTIDataConnectorDataTypes"); +@@clientName(MstiDataConnector, "MSTIDataConnector"); +@@clientName(MstiDataConnectorProperties, "MSTIDataConnectorProperties"); +@@clientName(MstiDataConnectorDataTypes, "MSTIDataConnectorDataTypes"); @@clientName(AssignmentItem, "assignmentItem"); @@clientName(Error, "error"); @@clientName( @@ -722,9 +722,9 @@ using Microsoft.SecurityInsights; ThreatIntelligenceIndicatorOperationGroup.queryIndicators::parameters.body, "ThreatIntelligenceFilteringCriteria" ); -@@clientName(AATPCheckRequirements, "AATPCheckRequirements"); +@@clientName(AatpCheckRequirements, "AATPCheckRequirements"); @@clientName( - AATPCheckRequirementsProperties, + AatpCheckRequirementsProperties, "AATPCheckRequirementsProperties" ); @@clientName(BookmarkRelations.createOrUpdate::parameters.resource, "relation"); diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 239905dfbaf4..ea7726cdb190 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -10763,11 +10763,11 @@ model DataConnectorTenantId { * Represents AATP (Azure Advanced Threat Protection) requirements check request. */ @added(Versions.v2025_10_01_preview) -model AATPCheckRequirements extends DataConnectorsCheckRequirements { +model AatpCheckRequirements extends DataConnectorsCheckRequirements { /** * AATP (Azure Advanced Threat Protection) requirements check properties. */ - properties?: AATPCheckRequirementsProperties; + properties?: AatpCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10781,7 +10781,7 @@ model AATPCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model AATPCheckRequirementsProperties extends DataConnectorTenantId {} +model AatpCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents ASC (Azure Security Center) requirements check request. @@ -10862,11 +10862,11 @@ model Dynamics365CheckRequirementsProperties extends DataConnectorTenantId {} * Represents MCAS (Microsoft Cloud App Security) requirements check request. */ @added(Versions.v2025_10_01_preview) -model MCASCheckRequirements extends DataConnectorsCheckRequirements { +model McasCheckRequirements extends DataConnectorsCheckRequirements { /** * MCAS (Microsoft Cloud App Security) requirements check properties. */ - properties?: MCASCheckRequirementsProperties; + properties?: McasCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10880,17 +10880,17 @@ model MCASCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model MCASCheckRequirementsProperties extends DataConnectorTenantId {} +model McasCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. */ @added(Versions.v2025_10_01_preview) -model MDATPCheckRequirements extends DataConnectorsCheckRequirements { +model MdatpCheckRequirements extends DataConnectorsCheckRequirements { /** * MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. */ - properties?: MDATPCheckRequirementsProperties; + properties?: MdatpCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10904,17 +10904,17 @@ model MDATPCheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model MDATPCheckRequirementsProperties extends DataConnectorTenantId {} +model MdatpCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents Microsoft Threat Intelligence requirements check request. */ @added(Versions.v2025_10_01_preview) -model MSTICheckRequirements extends DataConnectorsCheckRequirements { +model MstiCheckRequirements extends DataConnectorsCheckRequirements { /** * Microsoft Threat Intelligence requirements check properties. */ - properties?: MSTICheckRequirementsProperties; + properties?: MstiCheckRequirementsProperties; /** * Describes the kind of connector to be checked. @@ -10928,7 +10928,7 @@ model MSTICheckRequirements extends DataConnectorsCheckRequirements { #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @added(Versions.v2025_10_01_preview) -model MSTICheckRequirementsProperties extends DataConnectorTenantId {} +model MstiCheckRequirementsProperties extends DataConnectorTenantId {} /** * Represents MTP (Microsoft Threat Protection) requirements check request. @@ -11246,11 +11246,11 @@ model DataConnectorDataTypeCommon { /** * Represents Microsoft Threat Intelligence data connector. */ -model MSTIDataConnector extends DataConnector { +model MstiDataConnector extends DataConnector { /** * Microsoft Threat Intelligence data connector properties. */ - properties?: MSTIDataConnectorProperties; + properties?: MstiDataConnectorProperties; /** * The data connector kind @@ -11262,17 +11262,17 @@ model MSTIDataConnector extends DataConnector { * Microsoft Threat Intelligence data connector properties. */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -model MSTIDataConnectorProperties extends DataConnectorTenantId { +model MstiDataConnectorProperties extends DataConnectorTenantId { /** * The available data types for the connector. */ - dataTypes: MSTIDataConnectorDataTypes; + dataTypes: MstiDataConnectorDataTypes; } /** * The available data types for Microsoft Threat Intelligence Platforms data connector. */ -model MSTIDataConnectorDataTypes { +model MstiDataConnectorDataTypes { /** * Data type for Microsoft Threat Intelligence Platforms data connector. */ From 2f96edc501b4e9496554bc70df0f505483ae199c Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 3 Jun 2026 17:03:25 +0300 Subject: [PATCH 11/38] Run tsp format (remove trailing blank line in Entity.tsp) --- .../Microsoft.SecurityInsights/SecurityInsights/Entity.tsp | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp index 3d498298d037..d3a2db664849 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Entity.tsp @@ -148,4 +148,3 @@ interface Entities { Entities.entitiesGetTimelineList::parameters.body, "The parameters required to execute an timeline operation on the given entity." ); - From 74886e662edde872e86bdc8c5500df5374e46e19 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 7 Jun 2026 11:05:56 +0300 Subject: [PATCH 12/38] Fix api-version in 2025-10-01-preview examples --- .../2025-10-01-preview/actions/CreateActionOfAlertRule.json | 2 +- .../2025-10-01-preview/actions/DeleteActionOfAlertRule.json | 2 +- .../2025-10-01-preview/actions/GetActionOfAlertRuleById.json | 2 +- .../2025-10-01-preview/actions/GetAllActionsByAlertRule.json | 2 +- .../alertRuleTemplates/GetAlertRuleTemplateById.json | 2 +- .../alertRuleTemplates/GetAlertRuleTemplates.json | 2 +- .../2025-10-01-preview/alertRules/CreateFusionAlertRule.json | 2 +- .../CreateFusionAlertRuleWithFusionScenarioExclusion.json | 2 +- .../CreateMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../2025-10-01-preview/alertRules/CreateNrtAlertRule.json | 2 +- .../alertRules/CreateScheduledAlertRule.json | 2 +- .../2025-10-01-preview/alertRules/DeleteAlertRule.json | 2 +- .../2025-10-01-preview/alertRules/GetAllAlertRules.json | 2 +- .../2025-10-01-preview/alertRules/GetFusionAlertRule.json | 2 +- .../GetMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../2025-10-01-preview/alertRules/GetNrtAlertRule.json | 2 +- .../2025-10-01-preview/alertRules/GetScheduledAlertRule.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 2 +- .../automationRules/AutomationRules_Delete.json | 2 +- .../automationRules/AutomationRules_Get.json | 2 +- .../automationRules/AutomationRules_List.json | 2 +- .../billingStatistics/GetAllBillingStatistics.json | 2 +- .../billingStatistics/GetBillingStatistic.json | 2 +- .../examples/2025-10-01-preview/bookmarks/CreateBookmark.json | 2 +- .../examples/2025-10-01-preview/bookmarks/DeleteBookmark.json | 2 +- .../2025-10-01-preview/bookmarks/GetBookmarkById.json | 2 +- .../examples/2025-10-01-preview/bookmarks/GetBookmarks.json | 2 +- .../bookmarks/expand/PostExpandBookmark.json | 2 +- .../bookmarks/relations/CreateBookmarkRelation.json | 2 +- .../bookmarks/relations/DeleteBookmarkRelation.json | 2 +- .../bookmarks/relations/GetAllBookmarkRelations.json | 2 +- .../bookmarks/relations/GetBookmarkRelationByName.json | 2 +- .../2025-10-01-preview/contentPackages/GetPackageById.json | 2 +- .../2025-10-01-preview/contentPackages/GetPackages.json | 2 +- .../contentPackages/GetProductPackageById.json | 2 +- .../contentPackages/GetProductPackages.json | 2 +- .../2025-10-01-preview/contentPackages/InstallPackage.json | 2 +- .../2025-10-01-preview/contentPackages/UninstallPackage.json | 2 +- .../2025-10-01-preview/contentTemplates/DeleteTemplate.json | 2 +- .../contentTemplates/GetProductTemplateById.json | 2 +- .../contentTemplates/GetProductTemplates.json | 2 +- .../2025-10-01-preview/contentTemplates/GetTemplateById.json | 2 +- .../2025-10-01-preview/contentTemplates/GetTemplates.json | 2 +- .../2025-10-01-preview/contentTemplates/InstallTemplate.json | 2 +- .../CreateCustomizableDataConnectorDefinition.json | 2 +- .../DeleteDataConnectorDefinitionById.json | 2 +- .../GetCustomizableDataConnectorDefinitionById.json | 2 +- .../dataConnectorDefinitions/GetDataConnectorDefinitions.json | 2 +- .../dataConnectors/CheckRequirementsAzureActiveDirectory.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoAuthorization.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoLicense.json | 2 +- .../dataConnectors/CheckRequirementsAzureSecurityCenter.json | 2 +- .../dataConnectors/CheckRequirementsDynamics365.json | 2 +- .../dataConnectors/CheckRequirementsIoT.json | 2 +- .../dataConnectors/CheckRequirementsMdatp.json | 2 +- .../CheckRequirementsMicrosoftCloudAppSecurity.json | 2 +- ...heckRequirementsMicrosoftPurviewInformationProtection.json | 2 +- .../CheckRequirementsMicrosoftThreatIntelligence.json | 2 +- .../CheckRequirementsMicrosoftThreatProtection.json | 2 +- .../dataConnectors/CheckRequirementsOffice365Project.json | 2 +- .../dataConnectors/CheckRequirementsOfficeATP.json | 2 +- .../dataConnectors/CheckRequirementsOfficeIRM.json | 2 +- .../dataConnectors/CheckRequirementsOfficePowerBI.json | 2 +- .../dataConnectors/CheckRequirementsPurviewAudit.json | 2 +- .../dataConnectors/CheckRequirementsThreatIntelligence.json | 2 +- .../CheckRequirementsThreatIntelligenceTaxii.json | 2 +- .../2025-10-01-preview/dataConnectors/ConnectAPIPolling.json | 2 +- .../dataConnectors/ConnectAPIPollingV2Logs.json | 2 +- .../2025-10-01-preview/dataConnectors/CreateAPIPolling.json | 2 +- .../dataConnectors/CreateDynamics365DataConnetor.json | 2 +- .../2025-10-01-preview/dataConnectors/CreateGenericUI.json | 2 +- .../dataConnectors/CreateGoogleCloudPlatform.json | 2 +- ...eateMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../CreateMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../CreateMicrosoftThreatProtectionDataConnetor.json | 2 +- .../dataConnectors/CreateOffice365ProjectDataConnetor.json | 2 +- .../dataConnectors/CreateOfficeDataConnetor.json | 2 +- .../dataConnectors/CreateOfficePowerBIDataConnector.json | 2 +- ...umMicrosoftDefenderForThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/CreatePurviewAuditDataConnector.json | 2 +- .../dataConnectors/CreateThreatIntelligenceDataConnector.json | 2 +- .../CreateThreatIntelligenceTaxiiDataConnector.json | 2 +- .../2025-10-01-preview/dataConnectors/DeleteAPIPolling.json | 2 +- .../2025-10-01-preview/dataConnectors/DeleteGenericUI.json | 2 +- .../dataConnectors/DeleteGoogleCloudPlatform.json | 2 +- ...leteMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../DeleteMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeleteOffice365ProjectDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficeDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficePowerBIDataConnetor.json | 2 +- ...umMicrosoftDefenderForThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeletePurviewAuditDataConnector.json | 2 +- .../dataConnectors/DisconnectAPIPolling.json | 2 +- .../2025-10-01-preview/dataConnectors/GetAPIPolling.json | 2 +- .../dataConnectors/GetAmazonWebServicesCloudTrailById.json | 2 +- .../dataConnectors/GetAmazonWebServicesS3ById.json | 2 +- .../dataConnectors/GetAzureActiveDirectoryById.json | 2 +- .../dataConnectors/GetAzureAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetAzureSecurityCenterById.json | 2 +- .../2025-10-01-preview/dataConnectors/GetDataConnectors.json | 2 +- .../dataConnectors/GetDynamics365DataConnectorById.json | 2 +- .../2025-10-01-preview/dataConnectors/GetGenericUI.json | 2 +- .../dataConnectors/GetGoogleCloudPlatformById.json | 2 +- .../2025-10-01-preview/dataConnectors/GetIoTById.json | 2 +- .../dataConnectors/GetMicrosoftCloudAppSecurityById.json | 2 +- .../GetMicrosoftDefenderAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetMicrosoftInsiderRiskManagementById.json | 2 +- ...MicrosoftPurviewInformationProtectionDataConnetorById.json | 2 +- .../dataConnectors/GetMicrosoftThreatIntelligenceById.json | 2 +- .../dataConnectors/GetMicrosoftThreatProtectionById.json | 2 +- .../GetOffice365AdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetOffice365ProjectDataConnetorById.json | 2 +- .../dataConnectors/GetOfficeDataConnetorById.json | 2 +- .../dataConnectors/GetOfficePowerBIDataConnetorById.json | 2 +- .../GetPremiumMicrosoftDefenderForThreatIntelligenceById.json | 2 +- .../dataConnectors/GetPurviewAuditDataConnectorById.json | 2 +- .../dataConnectors/GetRestApiPollerById.json | 2 +- .../dataConnectors/GetThreatIntelligenceById.json | 2 +- .../dataConnectors/GetThreatIntelligenceTaxiiById.json | 2 +- .../enrichment/GetGeodataWithWorkspaceByIp.json | 2 +- .../enrichment/GetWhoisWithWorkspaceByDomainName.json | 2 +- .../2025-10-01-preview/entities/GetAccountEntityById.json | 2 +- .../entities/GetAzureResourceEntityById.json | 2 +- .../entities/GetCloudApplicationEntityById.json | 2 +- .../2025-10-01-preview/entities/GetDnsEntityById.json | 2 +- .../examples/2025-10-01-preview/entities/GetEntities.json | 2 +- .../2025-10-01-preview/entities/GetFileEntityById.json | 2 +- .../2025-10-01-preview/entities/GetFileHashEntityById.json | 2 +- .../2025-10-01-preview/entities/GetHostEntityById.json | 2 +- .../2025-10-01-preview/entities/GetIoTDeviceEntityById.json | 2 +- .../examples/2025-10-01-preview/entities/GetIpEntityById.json | 2 +- .../2025-10-01-preview/entities/GetMailClusterEntityById.json | 2 +- .../2025-10-01-preview/entities/GetMailMessageEntityById.json | 2 +- .../2025-10-01-preview/entities/GetMailboxEntityById.json | 2 +- .../2025-10-01-preview/entities/GetMalwareEntityById.json | 2 +- .../2025-10-01-preview/entities/GetProcessEntityById.json | 2 +- .../examples/2025-10-01-preview/entities/GetQueries.json | 2 +- .../2025-10-01-preview/entities/GetRegistryKeyEntityById.json | 2 +- .../entities/GetRegistryValueEntityById.json | 2 +- .../entities/GetSecurityAlertEntityById.json | 2 +- .../entities/GetSecurityGroupEntityById.json | 2 +- .../entities/GetSubmissionMailEntityById.json | 2 +- .../2025-10-01-preview/entities/GetUrlEntityById.json | 2 +- .../2025-10-01-preview/entities/expand/PostExpandEntity.json | 2 +- .../2025-10-01-preview/entities/insights/PostGetInsights.json | 2 +- .../entities/relations/GetAllEntityRelations.json | 2 +- .../entities/relations/GetEntityRelationByName.json | 2 +- .../entities/timeline/PostTimelineEntity.json | 2 +- .../entityQueries/CreateEntityQueryActivity.json | 2 +- .../2025-10-01-preview/entityQueries/DeleteEntityQuery.json | 2 +- .../entityQueries/GetActivityEntityQueryById.json | 2 +- .../2025-10-01-preview/entityQueries/GetEntityQueries.json | 2 +- .../entityQueries/GetExpansionEntityQueryById.json | 2 +- .../GetActivityEntityQueryTemplateById.json | 2 +- .../entityQueryTemplates/GetEntityQueryTemplates.json | 2 +- .../2025-10-01-preview/fileImports/CreateFileImport.json | 2 +- .../2025-10-01-preview/fileImports/DeleteFileImport.json | 2 +- .../2025-10-01-preview/fileImports/GetFileImportById.json | 2 +- .../2025-10-01-preview/fileImports/GetFileImports.json | 2 +- .../examples/2025-10-01-preview/hunts/CreateHunt.json | 2 +- .../examples/2025-10-01-preview/hunts/CreateHuntComment.json | 2 +- .../examples/2025-10-01-preview/hunts/CreateHuntRelation.json | 2 +- .../examples/2025-10-01-preview/hunts/DeleteHunt.json | 2 +- .../examples/2025-10-01-preview/hunts/DeleteHuntComment.json | 2 +- .../examples/2025-10-01-preview/hunts/DeleteHuntRelation.json | 2 +- .../examples/2025-10-01-preview/hunts/GetHuntById.json | 2 +- .../examples/2025-10-01-preview/hunts/GetHuntCommentById.json | 2 +- .../examples/2025-10-01-preview/hunts/GetHuntComments.json | 2 +- .../2025-10-01-preview/hunts/GetHuntRelationById.json | 2 +- .../examples/2025-10-01-preview/hunts/GetHuntRelations.json | 2 +- .../examples/2025-10-01-preview/hunts/GetHunts.json | 2 +- .../incidents/IncidentAlerts/Incidents_ListAlerts.json | 2 +- .../incidents/IncidentBookmarks/Incidents_ListBookmarks.json | 2 +- .../IncidentComments/IncidentComments_CreateOrUpdate.json | 2 +- .../incidents/IncidentComments/IncidentComments_Delete.json | 2 +- .../incidents/IncidentComments/IncidentComments_Get.json | 2 +- .../incidents/IncidentComments/IncidentComments_List.json | 2 +- .../incidents/IncidentEntities/Incidents_ListEntities.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Delete.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Get.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_List.json | 2 +- .../incidents/Incidents_CreateOrUpdate.json | 2 +- .../2025-10-01-preview/incidents/Incidents_Delete.json | 2 +- .../examples/2025-10-01-preview/incidents/Incidents_Get.json | 2 +- .../examples/2025-10-01-preview/incidents/Incidents_List.json | 2 +- .../incidents/relations/CreateIncidentRelation.json | 2 +- .../incidents/relations/DeleteIncidentRelation.json | 2 +- .../incidents/relations/GetAllIncidentRelations.json | 2 +- .../incidents/relations/GetIncidentRelationByName.json | 2 +- .../manualTrigger/Entities_RunPlaybook.json | 2 +- .../manualTrigger/Incidents_RunPlaybook.json | 2 +- .../examples/2025-10-01-preview/metadata/DeleteMetadata.json | 2 +- .../examples/2025-10-01-preview/metadata/GetAllMetadata.json | 2 +- .../2025-10-01-preview/metadata/GetAllMetadataOData.json | 2 +- .../examples/2025-10-01-preview/metadata/GetMetadata.json | 2 +- .../examples/2025-10-01-preview/metadata/PatchMetadata.json | 2 +- .../examples/2025-10-01-preview/metadata/PutMetadata.json | 2 +- .../2025-10-01-preview/metadata/PutMetadataMinimal.json | 2 +- .../officeConsents/DeleteOfficeConsents.json | 2 +- .../2025-10-01-preview/officeConsents/GetOfficeConsents.json | 2 +- .../officeConsents/GetOfficeConsentsById.json | 2 +- .../onboardingStates/CreateSentinelOnboardingState.json | 2 +- .../onboardingStates/DeleteSentinelOnboardingState.json | 2 +- .../onboardingStates/GetAllSentinelOnboardingStates.json | 2 +- .../onboardingStates/GetSentinelOnboardingState.json | 2 +- .../2025-10-01-preview/operations/ListOperations.json | 2 +- .../2025-10-01-preview/recommendations/GetRecommendation.json | 2 +- .../recommendations/GetRecommendations.json | 2 +- .../recommendations/PatchRecommendation.json | 2 +- .../recommendations/ReevaluateRecommendation.json | 2 +- .../2025-10-01-preview/repositories/GetRepositories.json | 2 +- .../CreateAnomalySecurityMLAnalyticsSetting.json | 2 +- .../DeleteSecurityMLAnalyticsSetting.json | 2 +- .../GetAllSecurityMLAnalyticsSettings.json | 2 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 2 +- .../2025-10-01-preview/settings/DeleteEyesOnSetting.json | 2 +- .../examples/2025-10-01-preview/settings/GetAllSettings.json | 2 +- .../2025-10-01-preview/settings/GetEyesOnSetting.json | 2 +- .../2025-10-01-preview/settings/UpdateEyesOnSetting.json | 2 +- .../sourcecontrols/CreateSourceControl.json | 2 +- .../sourcecontrols/DeleteSourceControl.json | 2 +- .../sourcecontrols/GetSourceControlById.json | 2 +- .../2025-10-01-preview/sourcecontrols/GetSourceControls.json | 2 +- .../threatintelligence/AppendTagsThreatIntelligence.json | 2 +- .../threatintelligence/CollectThreatIntelligenceMetrics.json | 2 +- .../threatintelligence/CreateThreatIntelligence.json | 2 +- .../threatintelligence/DeleteThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligenceById.json | 2 +- .../threatintelligence/PostThreatIntelligenceCount.json | 2 +- .../threatintelligence/PostThreatIntelligenceQuery.json | 2 +- .../threatintelligence/QueryThreatIntelligence.json | 2 +- .../threatintelligence/ReplaceTagsThreatIntelligence.json | 2 +- .../threatintelligence/UpdateThreatIntelligence.json | 2 +- .../triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json | 4 ++-- .../triggeredAnalyticsRuleRun_Get.json | 2 +- .../triggeredAnalyticsRuleRuns_Get.json | 2 +- .../2025-10-01-preview/watchlists/CreateWatchlist.json | 2 +- .../watchlists/CreateWatchlistAndWatchlistItems.json | 2 +- .../2025-10-01-preview/watchlists/CreateWatchlistItem.json | 2 +- .../2025-10-01-preview/watchlists/DeleteWatchlist.json | 4 ++-- .../2025-10-01-preview/watchlists/DeleteWatchlistItem.json | 2 +- .../2025-10-01-preview/watchlists/GetWatchlistByAlias.json | 2 +- .../2025-10-01-preview/watchlists/GetWatchlistItemById.json | 2 +- .../2025-10-01-preview/watchlists/GetWatchlistItems.json | 2 +- .../examples/2025-10-01-preview/watchlists/GetWatchlists.json | 2 +- .../workspaceManagerAssignments/CreateJob.json | 2 +- .../CreateOrUpdateWorkspaceManagerAssignment.json | 2 +- .../workspaceManagerAssignments/DeleteJob.json | 2 +- .../DeleteWorkspaceManagerAssignment.json | 2 +- .../workspaceManagerAssignments/GetAllJobs.json | 2 +- .../GetAllWorkspaceManagerAssignments.json | 2 +- .../workspaceManagerAssignments/GetJob.json | 2 +- .../GetWorkspaceManagerAssignment.json | 2 +- .../CreateOrUpdateWorkspaceManagerConfiguration.json | 2 +- .../DeleteWorkspaceManagerConfiguration.json | 2 +- .../GetAllWorkspaceManagerConfigurations.json | 2 +- .../GetWorkspaceManagerConfiguration.json | 2 +- .../CreateOrUpdateWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/DeleteWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/GetAllWorkspaceManagerGroups.json | 2 +- .../workspaceManagerGroups/GetWorkspaceManagerGroup.json | 2 +- .../CreateOrUpdateWorkspaceManagerMember.json | 2 +- .../workspaceManagerMembers/DeleteWorkspaceManagerMember.json | 2 +- .../GetAllWorkspaceManagerMembers.json | 2 +- .../workspaceManagerMembers/GetWorkspaceManagerMember.json | 2 +- .../examples/actions/CreateActionOfAlertRule.json | 2 +- .../examples/actions/DeleteActionOfAlertRule.json | 2 +- .../examples/actions/GetActionOfAlertRuleById.json | 2 +- .../examples/actions/GetAllActionsByAlertRule.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplateById.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplates.json | 2 +- .../examples/alertRules/CreateFusionAlertRule.json | 2 +- .../CreateFusionAlertRuleWithFusionScenarioExclusion.json | 2 +- .../CreateMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/CreateNrtAlertRule.json | 2 +- .../examples/alertRules/CreateScheduledAlertRule.json | 2 +- .../examples/alertRules/DeleteAlertRule.json | 2 +- .../examples/alertRules/GetAllAlertRules.json | 2 +- .../examples/alertRules/GetFusionAlertRule.json | 2 +- .../GetMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/GetNrtAlertRule.json | 2 +- .../examples/alertRules/GetScheduledAlertRule.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 2 +- .../examples/automationRules/AutomationRules_Delete.json | 2 +- .../examples/automationRules/AutomationRules_Get.json | 2 +- .../examples/automationRules/AutomationRules_List.json | 2 +- .../examples/billingStatistics/GetAllBillingStatistics.json | 2 +- .../examples/billingStatistics/GetBillingStatistic.json | 2 +- .../2025-10-01-preview/examples/bookmarks/CreateBookmark.json | 2 +- .../2025-10-01-preview/examples/bookmarks/DeleteBookmark.json | 2 +- .../examples/bookmarks/GetBookmarkById.json | 2 +- .../2025-10-01-preview/examples/bookmarks/GetBookmarks.json | 2 +- .../examples/bookmarks/expand/PostExpandBookmark.json | 2 +- .../examples/bookmarks/relations/CreateBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/DeleteBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/GetAllBookmarkRelations.json | 2 +- .../bookmarks/relations/GetBookmarkRelationByName.json | 2 +- .../examples/contentPackages/GetPackageById.json | 2 +- .../examples/contentPackages/GetPackages.json | 2 +- .../examples/contentPackages/GetProductPackageById.json | 2 +- .../examples/contentPackages/GetProductPackages.json | 2 +- .../examples/contentPackages/InstallPackage.json | 2 +- .../examples/contentPackages/UninstallPackage.json | 2 +- .../examples/contentTemplates/DeleteTemplate.json | 2 +- .../examples/contentTemplates/GetProductTemplateById.json | 2 +- .../examples/contentTemplates/GetProductTemplates.json | 2 +- .../examples/contentTemplates/GetTemplateById.json | 2 +- .../examples/contentTemplates/GetTemplates.json | 2 +- .../examples/contentTemplates/InstallTemplate.json | 2 +- .../CreateCustomizableDataConnectorDefinition.json | 2 +- .../DeleteDataConnectorDefinitionById.json | 2 +- .../GetCustomizableDataConnectorDefinitionById.json | 2 +- .../dataConnectorDefinitions/GetDataConnectorDefinitions.json | 2 +- .../dataConnectors/CheckRequirementsAzureActiveDirectory.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoAuthorization.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoLicense.json | 2 +- .../dataConnectors/CheckRequirementsAzureSecurityCenter.json | 2 +- .../examples/dataConnectors/CheckRequirementsDynamics365.json | 2 +- .../examples/dataConnectors/CheckRequirementsIoT.json | 2 +- .../examples/dataConnectors/CheckRequirementsMdatp.json | 2 +- .../CheckRequirementsMicrosoftCloudAppSecurity.json | 2 +- ...heckRequirementsMicrosoftPurviewInformationProtection.json | 2 +- .../CheckRequirementsMicrosoftThreatIntelligence.json | 2 +- .../CheckRequirementsMicrosoftThreatProtection.json | 2 +- .../dataConnectors/CheckRequirementsOffice365Project.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeATP.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeIRM.json | 2 +- .../dataConnectors/CheckRequirementsOfficePowerBI.json | 2 +- .../dataConnectors/CheckRequirementsPurviewAudit.json | 2 +- .../dataConnectors/CheckRequirementsThreatIntelligence.json | 2 +- .../CheckRequirementsThreatIntelligenceTaxii.json | 2 +- .../examples/dataConnectors/ConnectAPIPolling.json | 2 +- .../examples/dataConnectors/ConnectAPIPollingV2Logs.json | 2 +- .../examples/dataConnectors/CreateAPIPolling.json | 2 +- .../dataConnectors/CreateDynamics365DataConnetor.json | 2 +- .../examples/dataConnectors/CreateGenericUI.json | 2 +- .../examples/dataConnectors/CreateGoogleCloudPlatform.json | 2 +- ...eateMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../CreateMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../CreateMicrosoftThreatProtectionDataConnetor.json | 2 +- .../dataConnectors/CreateOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/CreateOfficeDataConnetor.json | 2 +- .../dataConnectors/CreateOfficePowerBIDataConnector.json | 2 +- ...umMicrosoftDefenderForThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/CreatePurviewAuditDataConnector.json | 2 +- .../dataConnectors/CreateThreatIntelligenceDataConnector.json | 2 +- .../CreateThreatIntelligenceTaxiiDataConnector.json | 2 +- .../examples/dataConnectors/DeleteAPIPolling.json | 2 +- .../examples/dataConnectors/DeleteGenericUI.json | 2 +- .../examples/dataConnectors/DeleteGoogleCloudPlatform.json | 2 +- ...leteMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../DeleteMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeleteOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/DeleteOfficeDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficePowerBIDataConnetor.json | 2 +- ...umMicrosoftDefenderForThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeletePurviewAuditDataConnector.json | 2 +- .../examples/dataConnectors/DisconnectAPIPolling.json | 2 +- .../examples/dataConnectors/GetAPIPolling.json | 2 +- .../dataConnectors/GetAmazonWebServicesCloudTrailById.json | 2 +- .../examples/dataConnectors/GetAmazonWebServicesS3ById.json | 2 +- .../examples/dataConnectors/GetAzureActiveDirectoryById.json | 2 +- .../dataConnectors/GetAzureAdvancedThreatProtectionById.json | 2 +- .../examples/dataConnectors/GetAzureSecurityCenterById.json | 2 +- .../examples/dataConnectors/GetDataConnectors.json | 2 +- .../dataConnectors/GetDynamics365DataConnectorById.json | 2 +- .../examples/dataConnectors/GetGenericUI.json | 2 +- .../examples/dataConnectors/GetGoogleCloudPlatformById.json | 2 +- .../examples/dataConnectors/GetIoTById.json | 2 +- .../dataConnectors/GetMicrosoftCloudAppSecurityById.json | 2 +- .../GetMicrosoftDefenderAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetMicrosoftInsiderRiskManagementById.json | 2 +- ...MicrosoftPurviewInformationProtectionDataConnetorById.json | 2 +- .../dataConnectors/GetMicrosoftThreatIntelligenceById.json | 2 +- .../dataConnectors/GetMicrosoftThreatProtectionById.json | 2 +- .../GetOffice365AdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetOffice365ProjectDataConnetorById.json | 2 +- .../examples/dataConnectors/GetOfficeDataConnetorById.json | 2 +- .../dataConnectors/GetOfficePowerBIDataConnetorById.json | 2 +- .../GetPremiumMicrosoftDefenderForThreatIntelligenceById.json | 2 +- .../dataConnectors/GetPurviewAuditDataConnectorById.json | 2 +- .../examples/dataConnectors/GetRestApiPollerById.json | 2 +- .../examples/dataConnectors/GetThreatIntelligenceById.json | 2 +- .../dataConnectors/GetThreatIntelligenceTaxiiById.json | 2 +- .../examples/enrichment/GetGeodataWithWorkspaceByIp.json | 2 +- .../enrichment/GetWhoisWithWorkspaceByDomainName.json | 2 +- .../examples/entities/GetAccountEntityById.json | 2 +- .../examples/entities/GetAzureResourceEntityById.json | 2 +- .../examples/entities/GetCloudApplicationEntityById.json | 2 +- .../examples/entities/GetDnsEntityById.json | 2 +- .../2025-10-01-preview/examples/entities/GetEntities.json | 2 +- .../examples/entities/GetFileEntityById.json | 2 +- .../examples/entities/GetFileHashEntityById.json | 2 +- .../examples/entities/GetHostEntityById.json | 2 +- .../examples/entities/GetIoTDeviceEntityById.json | 2 +- .../2025-10-01-preview/examples/entities/GetIpEntityById.json | 2 +- .../examples/entities/GetMailClusterEntityById.json | 2 +- .../examples/entities/GetMailMessageEntityById.json | 2 +- .../examples/entities/GetMailboxEntityById.json | 2 +- .../examples/entities/GetMalwareEntityById.json | 2 +- .../examples/entities/GetProcessEntityById.json | 2 +- .../2025-10-01-preview/examples/entities/GetQueries.json | 2 +- .../examples/entities/GetRegistryKeyEntityById.json | 2 +- .../examples/entities/GetRegistryValueEntityById.json | 2 +- .../examples/entities/GetSecurityAlertEntityById.json | 2 +- .../examples/entities/GetSecurityGroupEntityById.json | 2 +- .../examples/entities/GetSubmissionMailEntityById.json | 2 +- .../examples/entities/GetUrlEntityById.json | 2 +- .../examples/entities/expand/PostExpandEntity.json | 2 +- .../examples/entities/insights/PostGetInsights.json | 2 +- .../examples/entities/relations/GetAllEntityRelations.json | 2 +- .../examples/entities/relations/GetEntityRelationByName.json | 2 +- .../examples/entities/timeline/PostTimelineEntity.json | 2 +- .../examples/entityQueries/CreateEntityQueryActivity.json | 2 +- .../examples/entityQueries/DeleteEntityQuery.json | 2 +- .../examples/entityQueries/GetActivityEntityQueryById.json | 2 +- .../examples/entityQueries/GetEntityQueries.json | 2 +- .../examples/entityQueries/GetExpansionEntityQueryById.json | 2 +- .../GetActivityEntityQueryTemplateById.json | 2 +- .../entityQueryTemplates/GetEntityQueryTemplates.json | 2 +- .../examples/fileImports/CreateFileImport.json | 2 +- .../examples/fileImports/DeleteFileImport.json | 2 +- .../examples/fileImports/GetFileImportById.json | 2 +- .../examples/fileImports/GetFileImports.json | 2 +- .../preview/2025-10-01-preview/examples/hunts/CreateHunt.json | 2 +- .../2025-10-01-preview/examples/hunts/CreateHuntComment.json | 2 +- .../2025-10-01-preview/examples/hunts/CreateHuntRelation.json | 2 +- .../preview/2025-10-01-preview/examples/hunts/DeleteHunt.json | 2 +- .../2025-10-01-preview/examples/hunts/DeleteHuntComment.json | 2 +- .../2025-10-01-preview/examples/hunts/DeleteHuntRelation.json | 2 +- .../2025-10-01-preview/examples/hunts/GetHuntById.json | 2 +- .../2025-10-01-preview/examples/hunts/GetHuntCommentById.json | 2 +- .../2025-10-01-preview/examples/hunts/GetHuntComments.json | 2 +- .../examples/hunts/GetHuntRelationById.json | 2 +- .../2025-10-01-preview/examples/hunts/GetHuntRelations.json | 2 +- .../preview/2025-10-01-preview/examples/hunts/GetHunts.json | 2 +- .../incidents/IncidentAlerts/Incidents_ListAlerts.json | 2 +- .../incidents/IncidentBookmarks/Incidents_ListBookmarks.json | 2 +- .../IncidentComments/IncidentComments_CreateOrUpdate.json | 2 +- .../incidents/IncidentComments/IncidentComments_Delete.json | 2 +- .../incidents/IncidentComments/IncidentComments_Get.json | 2 +- .../incidents/IncidentComments/IncidentComments_List.json | 2 +- .../incidents/IncidentEntities/Incidents_ListEntities.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Delete.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_Get.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_List.json | 2 +- .../examples/incidents/Incidents_CreateOrUpdate.json | 2 +- .../examples/incidents/Incidents_Delete.json | 2 +- .../2025-10-01-preview/examples/incidents/Incidents_Get.json | 2 +- .../2025-10-01-preview/examples/incidents/Incidents_List.json | 2 +- .../examples/incidents/relations/CreateIncidentRelation.json | 2 +- .../examples/incidents/relations/DeleteIncidentRelation.json | 2 +- .../examples/incidents/relations/GetAllIncidentRelations.json | 2 +- .../incidents/relations/GetIncidentRelationByName.json | 2 +- .../examples/manualTrigger/Entities_RunPlaybook.json | 2 +- .../examples/manualTrigger/Incidents_RunPlaybook.json | 2 +- .../2025-10-01-preview/examples/metadata/DeleteMetadata.json | 2 +- .../2025-10-01-preview/examples/metadata/GetAllMetadata.json | 2 +- .../examples/metadata/GetAllMetadataOData.json | 2 +- .../2025-10-01-preview/examples/metadata/GetMetadata.json | 2 +- .../2025-10-01-preview/examples/metadata/PatchMetadata.json | 2 +- .../2025-10-01-preview/examples/metadata/PutMetadata.json | 2 +- .../examples/metadata/PutMetadataMinimal.json | 2 +- .../examples/officeConsents/DeleteOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsentsById.json | 2 +- .../onboardingStates/CreateSentinelOnboardingState.json | 2 +- .../onboardingStates/DeleteSentinelOnboardingState.json | 2 +- .../onboardingStates/GetAllSentinelOnboardingStates.json | 2 +- .../examples/onboardingStates/GetSentinelOnboardingState.json | 2 +- .../examples/operations/ListOperations.json | 2 +- .../examples/recommendations/GetRecommendation.json | 2 +- .../examples/recommendations/GetRecommendations.json | 2 +- .../examples/recommendations/PatchRecommendation.json | 2 +- .../examples/recommendations/ReevaluateRecommendation.json | 2 +- .../examples/repositories/GetRepositories.json | 2 +- .../CreateAnomalySecurityMLAnalyticsSetting.json | 2 +- .../DeleteSecurityMLAnalyticsSetting.json | 2 +- .../GetAllSecurityMLAnalyticsSettings.json | 2 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 2 +- .../examples/settings/DeleteEyesOnSetting.json | 2 +- .../2025-10-01-preview/examples/settings/GetAllSettings.json | 2 +- .../examples/settings/GetEyesOnSetting.json | 2 +- .../examples/settings/UpdateEyesOnSetting.json | 2 +- .../examples/sourcecontrols/CreateSourceControl.json | 2 +- .../examples/sourcecontrols/DeleteSourceControl.json | 2 +- .../examples/sourcecontrols/GetSourceControlById.json | 2 +- .../examples/sourcecontrols/GetSourceControls.json | 2 +- .../threatintelligence/AppendTagsThreatIntelligence.json | 2 +- .../threatintelligence/CollectThreatIntelligenceMetrics.json | 2 +- .../examples/threatintelligence/CreateThreatIntelligence.json | 2 +- .../examples/threatintelligence/DeleteThreatIntelligence.json | 2 +- .../examples/threatintelligence/GetThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligenceById.json | 2 +- .../threatintelligence/PostThreatIntelligenceCount.json | 2 +- .../threatintelligence/PostThreatIntelligenceQuery.json | 2 +- .../examples/threatintelligence/QueryThreatIntelligence.json | 2 +- .../threatintelligence/ReplaceTagsThreatIntelligence.json | 2 +- .../examples/threatintelligence/UpdateThreatIntelligence.json | 2 +- .../triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json | 4 ++-- .../triggeredAnalyticsRuleRun_Get.json | 2 +- .../triggeredAnalyticsRuleRuns_Get.json | 2 +- .../examples/watchlists/CreateWatchlist.json | 2 +- .../examples/watchlists/CreateWatchlistAndWatchlistItems.json | 2 +- .../examples/watchlists/CreateWatchlistItem.json | 2 +- .../examples/watchlists/DeleteWatchlist.json | 4 ++-- .../examples/watchlists/DeleteWatchlistItem.json | 2 +- .../examples/watchlists/GetWatchlistByAlias.json | 2 +- .../examples/watchlists/GetWatchlistItemById.json | 2 +- .../examples/watchlists/GetWatchlistItems.json | 2 +- .../2025-10-01-preview/examples/watchlists/GetWatchlists.json | 2 +- .../examples/workspaceManagerAssignments/CreateJob.json | 2 +- .../CreateOrUpdateWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/DeleteJob.json | 2 +- .../DeleteWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/GetAllJobs.json | 2 +- .../GetAllWorkspaceManagerAssignments.json | 2 +- .../examples/workspaceManagerAssignments/GetJob.json | 2 +- .../GetWorkspaceManagerAssignment.json | 2 +- .../CreateOrUpdateWorkspaceManagerConfiguration.json | 2 +- .../DeleteWorkspaceManagerConfiguration.json | 2 +- .../GetAllWorkspaceManagerConfigurations.json | 2 +- .../GetWorkspaceManagerConfiguration.json | 2 +- .../CreateOrUpdateWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/DeleteWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/GetAllWorkspaceManagerGroups.json | 2 +- .../workspaceManagerGroups/GetWorkspaceManagerGroup.json | 2 +- .../CreateOrUpdateWorkspaceManagerMember.json | 2 +- .../workspaceManagerMembers/DeleteWorkspaceManagerMember.json | 2 +- .../GetAllWorkspaceManagerMembers.json | 2 +- .../workspaceManagerMembers/GetWorkspaceManagerMember.json | 2 +- 534 files changed, 538 insertions(+), 538 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json index 904a708a9307..17d489bec531 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/CreateActionOfAlertRule.json @@ -8,7 +8,7 @@ } }, "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json index 50a35e1faa08..03d7d207db49 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/DeleteActionOfAlertRule.json @@ -1,7 +1,7 @@ { "parameters": { "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json index e20a17f7e113..fbceaa7be1c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetActionOfAlertRuleById.json @@ -1,7 +1,7 @@ { "parameters": { "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json index c714a8c19cbb..55b9b68e0e1f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/actions/GetAllActionsByAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json index 496c91335378..094b366525ee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -1,7 +1,7 @@ { "parameters": { "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json index c668f6fb25b5..b535ed0c5b43 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRuleTemplates/GetAlertRuleTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json index de859447a683..0ba92d4c5dfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRule.json @@ -256,7 +256,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json index 8704695ada31..b9a45e94a0a1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -256,7 +256,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json index 8a4dc53bdcde..1786824a1139 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -9,7 +9,7 @@ "productFilter": "Microsoft Cloud App Security" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "microsoftSecurityIncidentCreationRuleExample", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json index 0dcb19cffe8f..89a8611024d7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateNrtAlertRule.json @@ -37,7 +37,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json index fcdf6f051351..f9f2747df458 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/CreateScheduledAlertRule.json @@ -94,7 +94,7 @@ "triggerThreshold": 0 } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json index e36b7ad6cf72..16ebe59535b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/DeleteAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json index 6898cf34c528..ada86b924a69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetAllAlertRules.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json index a197f6d4b2cc..8c15102c7d66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json index 255c88719473..106184c02752 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "microsoftSecurityIncidentCreationRuleExample", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json index 1c442acce98a..b32f5e0eca1b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json index 20b0d6faffd4..8602c662dade 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/alertRules/GetScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json index bc9e6ba3ba25..48b240a0052f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRule": { "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "type": "Microsoft.SecurityInsights/automationRules", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json index 30b0a0750183..5628c16a2e76 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json index 25dd678a62c1..47da489a7097 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json index 06938a8edaf3..141f8e25bad3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/automationRules/AutomationRules_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json index c313c69cd08b..3e802033740e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetAllBillingStatistics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json index b87f2405268d..917c306da5d7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/billingStatistics/GetBillingStatistic.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "billingStatisticName": "sapSolutionUsage", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json index e4cd4ee0d9e0..fedad2d076c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/CreateBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmark": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json index 7267218ea596..9dd082e1dc10 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/DeleteBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json index 42e7903ad67e..9356e1957e69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarkById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json index 1245a2723ee0..a4932c502d06 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/GetBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json index 86aaaa2f7efd..fdde04717875 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/expand/PostExpandBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "parameters": { "endTime": "2020-01-24T17:21:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json index 1098ef7804b8..30e0ee0d82ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/CreateBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json index a5df79a55a5f..d8c975641b6f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/DeleteBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json index dd54eb3403f5..bd32a55c814d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetAllBookmarkRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json index f62ee44a9e95..1e8c5319b541 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/bookmarks/relations/GetBookmarkRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json index 27e5dcd98604..0f4d2acd9931 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json index 93c2dcf43017..bfefd7ba3862 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json index 22893b851531..ca08586bcd29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json index aca44ad14b43..bea2f5c55811 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/GetProductPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json index efb0fb10a224..c923c3b5b96e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/InstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "packageInstallationProperties": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json index eabb93b3efdf..b1d24ac3bce3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentPackages/UninstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json index f7db695affcd..8633ffb99561 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/DeleteTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json index 3100fa1caa9f..ca4086c4b209 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json index 1d5ea99396f8..8645c0b50f3a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetProductTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json index f08c78ea65e4..ff6d3d660e8a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json index e6cda61f8ab2..8db11f8f875e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/GetTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json index 570e582f4123..99d0626c0018 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/contentTemplates/InstallTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "str.azure-sentinel-solution-str", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index 276d43278fcf..5a1f6df5cd84 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectorDefinitionInput": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Customizable", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json index 3f018795ab7f..c571059d71c2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json index de82ef598b4d..51c76f906c89 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json index 0695b0478edc..385247972301 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json index a17ed7b55380..46dffdd55342 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json index 33b0fdcebfc1..7f6c6663e7f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json index a65a42e1a9a8..c77eaf9eba47 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json index c3eba3a6f79b..a810e8bcf0ab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -6,7 +6,7 @@ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json index 25fdc437183e..11016f0614fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsDynamics365.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json index 96d65519068f..b54aa46c4aa5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsIoT.json @@ -6,7 +6,7 @@ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json index 7f29906a1ce4..a86e3f5eecb4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMdatp.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json index 81d953de9389..7442ec638c68 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json index a652570cce55..d873c4c57199 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json index 18e55f0d1888..10e50df79278 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -6,7 +6,7 @@ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json index 8a1edf169f78..7420f4173c17 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json index a82a9104c54b..70d66196c8d0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOffice365Project.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json index f3700725beae..6e406ac44c43 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeATP.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json index b3528f491472..b0f0fee9776b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficeIRM.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json index 56a1de0cd2d4..059c99c6a36c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json index c48c1c30ee20..1e203c20ee7b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsPurviewAudit.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json index 5a7e0877f770..686e58eb78f2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json index ff35b1c6e3e4..7c11a3e2f3ba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json index 706796c34271..969a067895ed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectBody": { "apiKey": "123456789", "kind": "APIKey", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json index 3d0746c25c48..d01902a6459d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/ConnectAPIPollingV2Logs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectBody": { "apiKey": "123456789", "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json index 18ffab7d617b..484e1602b0a9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "APIPolling", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json index ba1162e6ff90..142c5a3590bf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateDynamics365DataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Dynamics365", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json index b88373152062..e28e6e7af16f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "GenericUI", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json index 013828b0db9e..4bc2587aaa62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "GCP", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json index 36b05de8f57e..c0346975ff85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "MicrosoftPurviewInformationProtection", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json index bfe4029ef57c..3dbd6ab13ef7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "MicrosoftThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json index e0d8c784b0db..cda2a01abb98 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "MicrosoftThreatProtection", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json index c52fa5e303a9..8878ac99b5d5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Office365Project", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json index 5bbc97a44fdb..c2e157cfc2cb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Office365", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json index 9a6eb564bab0..5441584c914b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "OfficePowerBI", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index 042a6d8d0eb8..78b14e58011d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "PremiumMicrosoftDefenderForThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json index cdeeed502215..68340a07e8e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreatePurviewAuditDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "PurviewAudit", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json index fd604155a11b..e0ccf96ac298 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "ThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json index ffbf6247cef8..ada3fb8ca630 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", "kind": "ThreatIntelligenceTaxii", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json index 133a3dfa341d..991e711407f2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json index 953a92a9e054..c1099effa4b8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json index dc5648def492..c7143227bb46 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json index 87a923780d9a..ca30436bf201 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json index 993e741d87f1..91ef088dd77b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json index 072360884a5b..fd62ae5deb90 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json index e6366574dbf6..4c0dca3c9682 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json index 0f697fb5bab7..34927104cbff 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index ef5fd2b3fcd0..28c912e03083 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", "resourceGroupName": "myRg", "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json index a75742fcd00a..543b503cc666 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DeletePurviewAuditDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json index 566a535f329a..93572571b9be 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/DisconnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "disconnectBody": {}, "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json index 5454f3b02034..5fdb2d599526 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json index f09d00672ba1..939af4288c0f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json index 4c66c3e77416..c7ed681c2998 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAmazonWebServicesS3ById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json index e1bb71fe8ef9..3e1409edd72b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureActiveDirectoryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json index e78ee70d0c7c..aacf6f30c148 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json index a703927809af..9012541f4bf1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetAzureSecurityCenterById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json index 4764fd4e2720..fcca3abd77b3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDataConnectors.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json index 5fa1f3f4e081..fb12691715e4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetDynamics365DataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json index 56f2bd9f6b66..521f69a3ac69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json index c13e6713d5f7..6261a9f5bf96 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetGoogleCloudPlatformById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json index 15e0c7ef86b8..d9e6315d1452 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetIoTById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json index a7d731f16965..1297792780c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json index f9c359e48ccd..70365cbdf438 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json index 589c84e48df7..1cee90a4fe65 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json index 2c8ddc5321ad..20e5aa1d6f11 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json index de5e448c5321..23958fb1a797 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json index 7f6a4865694d..75649673ce02 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json index 0af1417f716f..4ae3e25bd32e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json index 215594eeab46..cac63eaf1b2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json index 01486ac3c6ed..7ae9a3a1475e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficeDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json index 1c06fc94e372..059324fa8f35 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json index 549b92b7dccb..f884f19d5d07 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", "resourceGroupName": "myRg", "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json index f8479de0daf7..91b1ff4209e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetPurviewAuditDataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json index 68853ae70016..2f1133d3bb46 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetRestApiPollerById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json index 4afc00f7709b..86f594520509 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json index fc6bce29fc75..b841ddfc524a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json index 65e9ecde256c..815314b2ddfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetGeodataWithWorkspaceByIp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "enrichmentType": "main", "ipAddressBody": { "ipAddress": "1.2.3.4" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json index 8fffd157fcd0..4f9b03c73700 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/enrichment/GetWhoisWithWorkspaceByDomainName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "domainBody": { "domain": "microsoft.com" }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json index 18384d06a41d..9df188c53798 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAccountEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json index 5f75c80c157a..cbe4c1798dcd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetAzureResourceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json index 6fbcf4dfc2a5..9a233d020916 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetCloudApplicationEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json index 67caffabe17b..034197682d9a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetDnsEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json index 0a2a9715c814..849c41c16f59 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json index d8b9d15b57d6..b4e54ebf0ced 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json index 146bdf4137eb..e57d0287d7b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetFileHashEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json index 7933acdd0cee..c4afb55f954c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetHostEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json index dc1bf231340a..93c077a4956a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIoTDeviceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json index facf3c88998b..7640cda5df70 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetIpEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json index 4061962acf8b..3754cbc7ab31 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailClusterEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json index 21cfe5b46dec..de1c36cb6819 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailMessageEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json index b746ebacbab2..920528f323fa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMailboxEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json index 1379e3c0c026..1f409370d992 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetMalwareEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json index 767493a80ad0..4a73834cb280 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetProcessEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json index 589b412b6acd..08559b67b344 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "kind": "Insight", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json index 97b0af202cc2..369257270f01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryKeyEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json index 1ea4061210fb..f320374d5eb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetRegistryValueEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json index ec2ef6b36d2f..7564694dea94 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityAlertEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json index 61c65e82fea6..e0180949e397 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSecurityGroupEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json index c75910cfe173..6402e4966595 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetSubmissionMailEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json index 288ccdadd996..2f2cab7dd862 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/GetUrlEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json index 50ba865db62f..f3af1e247d05 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/expand/PostExpandEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "endTime": "2019-05-26T00:00:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json index 2d1b6d865efb..99bd965e75d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/insights/PostGetInsights.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "addDefaultExtendedTimeRange": false, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json index 4dc687cc4828..a85c73f3a9b3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetAllEntityRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json index 277ac631aead..779bced09ace 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/relations/GetEntityRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json index 4c55d6896157..9c3c3383885e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entities/timeline/PostTimelineEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "endTime": "2021-10-01T00:00:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json index 771abd7b056a..a2356cbcf3c4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/CreateEntityQueryActivity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQuery": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Activity", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json index 097ca34b93ec..19a57a53212e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/DeleteEntityQuery.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json index 88a6d5caa8fc..127a54f9e64c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetActivityEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json index ffc121f91ef7..7622fbe517d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetEntityQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "kind": "Expansion", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json index b30861c2762b..47f47d7a10c5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueries/GetExpansionEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json index 8a4bc8db0d4d..15575fff3931 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json index 5bafe95375bc..22c1fb7b6af2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/entityQueryTemplates/GetEntityQueryTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "kind": "Activity", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json index 49535a9726c9..d2024e429279 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/CreateFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImport": { "properties": { "contentType": "StixIndicator", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json index cc102b63196f..c7489eb422bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/DeleteFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json index f0f0e736620f..a85409a22cd2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImportById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json index 134a41293012..026f5827ff48 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/fileImports/GetFileImports.json @@ -2,7 +2,7 @@ "parameters": { "$orderby": "properties/createdTimeUtc desc", "$top": 1, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json index 6e083f526fd7..93d9892ef265 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "hunt": { "properties": { "description": "Log4J Hunt Description", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json index eed52869f4a0..0b7347e573c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntComment": { "properties": { "message": "This is a test comment." diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json index fb92cd36d507..c2a8c49bee45 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/CreateHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json index 2567eb7cae0e..1cdd7fa74d72 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json index a8fc45ed9073..142d15803d58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json index 90c13f3a0f0c..d08df9485717 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/DeleteHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json index 648d0c797dd3..04a13d3cca29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json index 827bbe4722da..60c0f1128353 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntCommentById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json index a21748e1174b..0165d58d37a3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntComments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json index c5ac24495f27..e1dcdbdacc42 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelationById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json index fa3becf05462..19db89d38180 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHuntRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json index e9aee2f1db91..f787f91d800f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/hunts/GetHunts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json index 4e084ad486c0..cfdd52c45454 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json index 4174fe0e2fb4..d9b065b57a3c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json index 4489d56a1b5a..faf7aa1210ec 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentComment": { "properties": { "message": "Some message" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json index 43916a3ca5b2..a78cd59af60d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json index f03d0025da19..ef6bbc73b202 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json index cbd1f139b004..770a535bbabe 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentComments/IncidentComments_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json index 285ef6bd77d7..5a0857a79d5c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentEntities/Incidents_ListEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json index fc2e97491beb..91256a518ef4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTask": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json index d03a76564479..d6cb8b7e71fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json index 67839638080e..5bef14297870 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json index cf70ef063fa2..8dffc9fa5668 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/IncidentTasks/IncidentTasks_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json index 9feb5c4b6ce0..b4b22c94e0b4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incident": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json index c0c098b6528f..430b09d5eb4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json index eb8fb21cbb30..af51c024e8ab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json index a030f71b61d2..e53267e293a8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/Incidents_List.json @@ -2,7 +2,7 @@ "parameters": { "$orderby": "properties/createdTimeUtc desc", "$top": 1, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json index bd8aa5e22d0a..055800622150 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/CreateIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json index ee1162ee4af1..5af009cf144f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/DeleteIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json index a4c096aae44b..e09ba9a99bfd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetAllIncidentRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json index 965f54d79df4..5fdfb24a1549 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/incidents/relations/GetIncidentRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json index 605fa10c8ce9..02c7f8a27f66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Entities_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", "manualTriggerRequestBody": { "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json index c1067705d428..5e904107308e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/manualTrigger/Incidents_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", "manualTriggerRequestBody": { "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json index 134825dedea2..d772ab534f7a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/DeleteMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json index a64076781215..e14bfd6a1bb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json index a03824d80dac..b6f823b5609d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetAllMetadataOData.json @@ -4,7 +4,7 @@ "ODataOrderBy": "properties/parentId desc", "ODataSkip": "2", "ODataTop": "2", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json index 2fffd8881f8f..c1bc13e239e0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/GetMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "resourceGroupName": "myRg", "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json index 7afe099fca4f..2abe5dc131d1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PatchMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "metadataPatch": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json index ed25f53edb7e..720929c381ba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadata": { "properties": { "author": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json index 5cf6cfa7b708..4488149aa57f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/metadata/PutMetadataMinimal.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadata": { "properties": { "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json index 433c82f96995..39148fc21d1a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/DeleteOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json index a0dde26a2d68..3df1fe677e9b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json index b3bbae88aa4f..e55e361a67bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/officeConsents/GetOfficeConsentsById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json index b7b98d55bbd6..8a4d7f0371d4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/CreateSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "sentinelOnboardingStateParameter": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json index de2bdddfa3fd..697cbad49ecb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/DeleteSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json index c80511e7bf8b..b0eedcfa70ac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetAllSentinelOnboardingStates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json index 9c0b1436c694..db19fa980bb9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/onboardingStates/GetSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json index 721daa53a65a..0d27a14696e5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/operations/ListOperations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview" + "api-version": "2025-10-01-preview" }, "responses": { "200": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json index 70200a5df457..55a686ca3fb7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json index 26a410cd266e..7f54b283c881 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/GetRecommendations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json index ebf478498d1d..7a7b17520141 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/PatchRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "recommendationPatch": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json index a26c0f89f46e..4c390e36f11a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/recommendations/ReevaluateRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json index b2c20119393a..2bd6a690e7b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/repositories/GetRepositories.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "repoType": "Github", "repositoryAccess": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json index 2d5b6cd7cb23..6175f05c5668 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "securityMLAnalyticsSetting": { "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json index 1c10d8407f62..8bb7502b156f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json index b0ec472444c0..dde579d38494 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json index b33055425acb..e7960ff6994f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsResourceName": "myFirstAnomalySettings", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json index 211b8a26d65f..f82149acc578 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/DeleteEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsName": "EyesOn", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json index 2dd5534726b1..a297cf74826d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetAllSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json index e7f3ac94cf4b..6736fc22de7f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/GetEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsName": "EyesOn", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json index 9a1e5035e535..27bec1060500 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/settings/UpdateEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settings": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json index 79dfa421de1e..9b457752fd3f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/CreateSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sourceControl": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json index 2b35676dcefa..197cfffc2a6d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/DeleteSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "repositoryAccess": { "properties": { "repositoryAccess": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json index 61526607ae5b..81b4267ca268 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControlById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json index 59fc1d9bf85a..b27a7fce7c1b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/sourcecontrols/GetSourceControls.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json index 2c48b3fb12a5..707a21ad6b71 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/AppendTagsThreatIntelligence.json @@ -7,7 +7,7 @@ "tag2" ] }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json index 6c3e2d3b96e0..f37e13cc8fb4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json index 2d0a6fc24189..7381060226c7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/CreateThreatIntelligence.json @@ -26,7 +26,7 @@ "validUntil": "" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json index 66a673697d45..97c985bb808a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/DeleteThreatIntelligence.json @@ -1,7 +1,7 @@ { "parameters": { "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json index dad44c3dda85..b0582a14f227 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json index 3798b2c3a4ca..fe89e3d7390a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/GetThreatIntelligenceById.json @@ -1,7 +1,7 @@ { "parameters": { "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json index 5ec0209a8821..e935e47ee667 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceCount.json @@ -14,7 +14,7 @@ "conditionConnective": null } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "tiType": "main", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json index 88460bbeff23..f964d916ab4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/PostThreatIntelligenceQuery.json @@ -21,7 +21,7 @@ "field": "lastUpdatedTimeUtc" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "tiType": "main", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json index 2c42f3cd56d3..a39ca2f01930 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/QueryThreatIntelligence.json @@ -16,7 +16,7 @@ "Azure Sentinel" ] }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json index e33f149d03e8..9922f06082a7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -10,7 +10,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json index 8342b286cc61..536cb8b33f55 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/threatintelligence/UpdateThreatIntelligence.json @@ -27,7 +27,7 @@ "validUntil": "" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json index 02fe28e037f0..baf42d2a0bee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -5,7 +5,7 @@ "executionTimeUtc": "2022-12-22T15:37:03.074Z" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", @@ -15,7 +15,7 @@ "202": { "headers": { "Code": "202", - "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-07-01-preview", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-10-01-preview", "Message": "Accepted" } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json index be2e3d433ee8..ed28a919d744 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json index 1bdb624d845a..59a63f69e749 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json index eeeb1477a776..c8594dc1e24e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "watchlist": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json index 0f61393d06a3..f9eddd2e3143 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistAndWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json index 947301fc9d02..fd4610e1438e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/CreateWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json index d63c7970b432..1c6ab6b51d86 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", @@ -10,7 +10,7 @@ "responses": { "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-07-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-10-01-preview" } }, "204": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json index 8dbdf4e4351f..7f51fc80d314 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/DeleteWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json index 0896000a0d57..d5b15bb34bff 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistByAlias.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json index 9586d269d1d5..dae312e215eb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItemById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json index f9548e237c50..269f37bd0825 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json index 220c68e3422e..d68f63301473 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/watchlists/GetWatchlists.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json index 9f8551d604b2..35f9aa68c184 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json index 07f98d6688ea..fd615dfc50a2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignment": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json index 403b32cdd8d8..a4e3c18bb0a6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json index 6ae1d78ab35c..bd996495b7c5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json index a3e328639e41..c2b94633ae29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllJobs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json index 3c095b8b0ea9..ab8813d6a2bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json index a97036a1ee94..7ef53d89719a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json index c606338137ed..e79ec34384b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json index 20d594abfdb2..9a59b0adceed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfiguration": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json index 41eb345d61d6..27aac84558f7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfigurationName": "default", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json index 89c01951d8b8..683a7c6a387f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json index 53302cb6bd0e..b6c7d21f74ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfigurationName": "default", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json index eaf4a4754b5e..0a39add9d367 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroup": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json index 7b71dc835a9e..1bf69f216183 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json index 163a1cf83020..9f7162d1f5e6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json index 99a6b5193f14..3550bac7cd53 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json index 32ac191cf60d..8797b9654272 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMember": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json index a7e64b8bb0a2..a8dc6c0004f0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json index 0a061dd98447..2eef26004d59 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json index e3b58839f6bf..93dc693f9e5b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/examples/2025-10-01-preview/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json index 904a708a9307..17d489bec531 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -8,7 +8,7 @@ } }, "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json index 50a35e1faa08..03d7d207db49 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -1,7 +1,7 @@ { "parameters": { "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json index e20a17f7e113..fbceaa7be1c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -1,7 +1,7 @@ { "parameters": { "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json index c714a8c19cbb..55b9b68e0e1f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json index 496c91335378..094b366525ee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -1,7 +1,7 @@ { "parameters": { "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json index c668f6fb25b5..b535ed0c5b43 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json index de859447a683..0ba92d4c5dfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -256,7 +256,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json index 8704695ada31..b9a45e94a0a1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -256,7 +256,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json index 8a4dc53bdcde..1786824a1139 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -9,7 +9,7 @@ "productFilter": "Microsoft Cloud App Security" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "microsoftSecurityIncidentCreationRuleExample", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json index 0dcb19cffe8f..89a8611024d7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -37,7 +37,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json index fcdf6f051351..f9f2747df458 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -94,7 +94,7 @@ "triggerThreshold": 0 } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json index e36b7ad6cf72..16ebe59535b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/DeleteAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json index 6898cf34c528..ada86b924a69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetAllAlertRules.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json index a197f6d4b2cc..8c15102c7d66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "myFirstFusionRule", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json index 255c88719473..106184c02752 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "microsoftSecurityIncidentCreationRuleExample", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json index 1c442acce98a..b32f5e0eca1b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json index 20b0d6faffd4..8602c662dade 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index bc9e6ba3ba25..48b240a0052f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRule": { "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "type": "Microsoft.SecurityInsights/automationRules", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json index 30b0a0750183..5628c16a2e76 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json index 25dd678a62c1..47da489a7097 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json index 06938a8edaf3..141f8e25bad3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json index c313c69cd08b..3e802033740e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json index b87f2405268d..917c306da5d7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "billingStatisticName": "sapSolutionUsage", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json index e4cd4ee0d9e0..fedad2d076c0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/CreateBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmark": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json index 7267218ea596..9dd082e1dc10 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/DeleteBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json index 42e7903ad67e..9356e1957e69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarkById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json index 1245a2723ee0..a4932c502d06 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/GetBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json index 86aaaa2f7efd..fdde04717875 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "parameters": { "endTime": "2020-01-24T17:21:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json index 1098ef7804b8..30e0ee0d82ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json index a5df79a55a5f..d8c975641b6f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json index dd54eb3403f5..bd32a55c814d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json index f62ee44a9e95..1e8c5319b541 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json index 27e5dcd98604..0f4d2acd9931 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json index 93c2dcf43017..bfefd7ba3862 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json index 22893b851531..ca08586bcd29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json index aca44ad14b43..bea2f5c55811 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/GetProductPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json index efb0fb10a224..c923c3b5b96e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/InstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "packageInstallationProperties": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json index eabb93b3efdf..b1d24ac3bce3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentPackages/UninstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "packageId": "str.azure-sentinel-solution-str", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json index f7db695affcd..8633ffb99561 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json index 3100fa1caa9f..ca4086c4b209 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json index 1d5ea99396f8..8645c0b50f3a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json index f08c78ea65e4..ff6d3d660e8a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json index e6cda61f8ab2..8db11f8f875e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/GetTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json index 570e582f4123..99d0626c0018 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/contentTemplates/InstallTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "templateId": "str.azure-sentinel-solution-str", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index 276d43278fcf..5a1f6df5cd84 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectorDefinitionInput": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Customizable", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json index 3f018795ab7f..c571059d71c2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json index de82ef598b4d..51c76f906c89 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json index 0695b0478edc..385247972301 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json index a17ed7b55380..46dffdd55342 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json index 33b0fdcebfc1..7f6c6663e7f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json index a65a42e1a9a8..c77eaf9eba47 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json index c3eba3a6f79b..a810e8bcf0ab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -6,7 +6,7 @@ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json index 25fdc437183e..11016f0614fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json index 96d65519068f..b54aa46c4aa5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -6,7 +6,7 @@ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json index 7f29906a1ce4..a86e3f5eecb4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json index 81d953de9389..7442ec638c68 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json index a652570cce55..d873c4c57199 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json index 18e55f0d1888..10e50df79278 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -6,7 +6,7 @@ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json index 8a1edf169f78..7420f4173c17 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json index a82a9104c54b..70d66196c8d0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json index f3700725beae..6e406ac44c43 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json index b3528f491472..b0f0fee9776b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json index 56a1de0cd2d4..059c99c6a36c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json index c48c1c30ee20..1e203c20ee7b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsPurviewAudit.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json index 5a7e0877f770..686e58eb78f2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json index ff35b1c6e3e4..7c11a3e2f3ba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -6,7 +6,7 @@ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json index 706796c34271..969a067895ed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectBody": { "apiKey": "123456789", "kind": "APIKey", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json index 3d0746c25c48..d01902a6459d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "connectBody": { "apiKey": "123456789", "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json index 18ffab7d617b..484e1602b0a9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "APIPolling", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json index ba1162e6ff90..142c5a3590bf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Dynamics365", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json index b88373152062..e28e6e7af16f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "GenericUI", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json index 013828b0db9e..4bc2587aaa62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "GCP", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json index 36b05de8f57e..c0346975ff85 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "MicrosoftPurviewInformationProtection", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json index bfe4029ef57c..3dbd6ab13ef7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "MicrosoftThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json index e0d8c784b0db..cda2a01abb98 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "MicrosoftThreatProtection", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json index c52fa5e303a9..8878ac99b5d5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Office365Project", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json index 5bbc97a44fdb..c2e157cfc2cb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Office365", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json index 9a6eb564bab0..5441584c914b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "OfficePowerBI", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index 042a6d8d0eb8..78b14e58011d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "PremiumMicrosoftDefenderForThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json index cdeeed502215..68340a07e8e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreatePurviewAuditDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "PurviewAudit", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json index fd604155a11b..e0ccf96ac298 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "kind": "ThreatIntelligence", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json index ffbf6247cef8..ada3fb8ca630 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnector": { "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", "kind": "ThreatIntelligenceTaxii", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json index 133a3dfa341d..991e711407f2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json index 953a92a9e054..c1099effa4b8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json index dc5648def492..c7143227bb46 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json index 87a923780d9a..ca30436bf201 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json index 993e741d87f1..91ef088dd77b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json index 072360884a5b..fd62ae5deb90 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json index e6366574dbf6..4c0dca3c9682 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json index 0f697fb5bab7..34927104cbff 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json index ef5fd2b3fcd0..28c912e03083 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePremiumMicrosoftDefenderForThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", "resourceGroupName": "myRg", "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json index a75742fcd00a..543b503cc666 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DeletePurviewAuditDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json index 566a535f329a..93572571b9be 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "disconnectBody": {}, "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json index 5454f3b02034..5fdb2d599526 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json index f09d00672ba1..939af4288c0f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json index 4c66c3e77416..c7ed681c2998 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json index e1bb71fe8ef9..3e1409edd72b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json index e78ee70d0c7c..aacf6f30c148 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json index a703927809af..9012541f4bf1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json index 4764fd4e2720..fcca3abd77b3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json index 5fa1f3f4e081..fb12691715e4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json index 56f2bd9f6b66..521f69a3ac69 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json index c13e6713d5f7..6261a9f5bf96 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json index 15e0c7ef86b8..d9e6315d1452 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetIoTById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index a7d731f16965..1297792780c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json index f9c359e48ccd..70365cbdf438 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json index 589c84e48df7..1cee90a4fe65 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json index 2c8ddc5321ad..20e5aa1d6f11 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json index de5e448c5321..23958fb1a797 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json index 7f6a4865694d..75649673ce02 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json index 0af1417f716f..4ae3e25bd32e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json index 215594eeab46..cac63eaf1b2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json index 01486ac3c6ed..7ae9a3a1475e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json index 1c06fc94e372..059324fa8f35 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json index 549b92b7dccb..f884f19d5d07 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPremiumMicrosoftDefenderForThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "8c569548-a86c-4fb4-8ae4-d1e35a6146f8", "resourceGroupName": "myRg", "subscriptionId": "b66e5c69-e2eb-422a-81c3-002de57059f3", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json index f8479de0daf7..91b1ff4209e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetPurviewAuditDataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json index 68853ae70016..2f1133d3bb46 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetRestApiPollerById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "RestApiPoller_fce27b90-d6f5-4d30-991a-af509a2b50a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json index 4afc00f7709b..86f594520509 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json index fc6bce29fc75..b841ddfc524a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json index 65e9ecde256c..815314b2ddfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "enrichmentType": "main", "ipAddressBody": { "ipAddress": "1.2.3.4" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json index 8fffd157fcd0..4f9b03c73700 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "domainBody": { "domain": "microsoft.com" }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json index 18384d06a41d..9df188c53798 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAccountEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json index 5f75c80c157a..cbe4c1798dcd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json index 6fbcf4dfc2a5..9a233d020916 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json index 67caffabe17b..034197682d9a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetDnsEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json index 0a2a9715c814..849c41c16f59 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json index d8b9d15b57d6..b4e54ebf0ced 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json index 146bdf4137eb..e57d0287d7b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetFileHashEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json index 7933acdd0cee..c4afb55f954c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetHostEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json index dc1bf231340a..93c077a4956a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json index facf3c88998b..7640cda5df70 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetIpEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json index 4061962acf8b..3754cbc7ab31 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailClusterEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json index 21cfe5b46dec..de1c36cb6819 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailMessageEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json index b746ebacbab2..920528f323fa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMailboxEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json index 1379e3c0c026..1f409370d992 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetMalwareEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json index 767493a80ad0..4a73834cb280 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetProcessEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json index 589b412b6acd..08559b67b344 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "kind": "Insight", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json index 97b0af202cc2..369257270f01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json index 1ea4061210fb..f320374d5eb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json index ec2ef6b36d2f..7564694dea94 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json index 61c65e82fea6..e0180949e397 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json index c75910cfe173..6402e4966595 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json index 288ccdadd996..2f2cab7dd862 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/GetUrlEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json index 50ba865db62f..f3af1e247d05 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/expand/PostExpandEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "endTime": "2019-05-26T00:00:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json index 2d1b6d865efb..99bd965e75d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/insights/PostGetInsights.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "addDefaultExtendedTimeRange": false, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json index 4dc687cc4828..a85c73f3a9b3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json index 277ac631aead..779bced09ace 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json index 4c55d6896157..9c3c3383885e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", "parameters": { "endTime": "2021-10-01T00:00:00.000Z", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json index 771abd7b056a..a2356cbcf3c4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQuery": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "kind": "Activity", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json index 097ca34b93ec..19a57a53212e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json index 88a6d5caa8fc..127a54f9e64c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json index ffc121f91ef7..7622fbe517d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetEntityQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "kind": "Expansion", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json index b30861c2762b..47f47d7a10c5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json index 8a4bc8db0d4d..15575fff3931 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json index 5bafe95375bc..22c1fb7b6af2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "kind": "Activity", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json index 49535a9726c9..d2024e429279 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/CreateFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImport": { "properties": { "contentType": "StixIndicator", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json index cc102b63196f..c7489eb422bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/DeleteFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json index f0f0e736620f..a85409a22cd2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImportById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json index 134a41293012..026f5827ff48 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/fileImports/GetFileImports.json @@ -2,7 +2,7 @@ "parameters": { "$orderby": "properties/createdTimeUtc desc", "$top": 1, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json index 6e083f526fd7..93d9892ef265 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "hunt": { "properties": { "description": "Log4J Hunt Description", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json index eed52869f4a0..0b7347e573c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntComment": { "properties": { "message": "This is a test comment." diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json index fb92cd36d507..c2a8c49bee45 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/CreateHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json index 2567eb7cae0e..1cdd7fa74d72 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json index a8fc45ed9073..142d15803d58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json index 90c13f3a0f0c..d08df9485717 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/DeleteHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json index 648d0c797dd3..04a13d3cca29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json index 827bbe4722da..60c0f1128353 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntCommentById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json index a21748e1174b..0165d58d37a3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntComments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json index c5ac24495f27..e1dcdbdacc42 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelationById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json index fa3becf05462..19db89d38180 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHuntRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json index e9aee2f1db91..f787f91d800f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/hunts/GetHunts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json index 4e084ad486c0..cfdd52c45454 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json index 4174fe0e2fb4..d9b065b57a3c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json index 4489d56a1b5a..faf7aa1210ec 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentComment": { "properties": { "message": "Some message" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json index 43916a3ca5b2..a78cd59af60d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json index f03d0025da19..ef6bbc73b202 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json index cbd1f139b004..770a535bbabe 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json index 285ef6bd77d7..5a0857a79d5c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json index fc2e97491beb..91256a518ef4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTask": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json index d03a76564479..d6cb8b7e71fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json index 67839638080e..5bef14297870 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json index cf70ef063fa2..8dffc9fa5668 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json index 9feb5c4b6ce0..b4b22c94e0b4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incident": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json index c0c098b6528f..430b09d5eb4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json index eb8fb21cbb30..af51c024e8ab 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json index a030f71b61d2..e53267e293a8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/Incidents_List.json @@ -2,7 +2,7 @@ "parameters": { "$orderby": "properties/createdTimeUtc desc", "$top": 1, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json index bd8aa5e22d0a..055800622150 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relation": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json index ee1162ee4af1..5af009cf144f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json index a4c096aae44b..e09ba9a99bfd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json index 965f54d79df4..5fdfb24a1549 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json index 605fa10c8ce9..02c7f8a27f66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", "manualTriggerRequestBody": { "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json index c1067705d428..5e904107308e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", "manualTriggerRequestBody": { "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json index 134825dedea2..d772ab534f7a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/DeleteMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json index a64076781215..e14bfd6a1bb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json index a03824d80dac..b6f823b5609d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetAllMetadataOData.json @@ -4,7 +4,7 @@ "ODataOrderBy": "properties/parentId desc", "ODataSkip": "2", "ODataTop": "2", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json index 2fffd8881f8f..c1bc13e239e0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/GetMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "resourceGroupName": "myRg", "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json index 7afe099fca4f..2abe5dc131d1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PatchMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadataName": "metadataName", "metadataPatch": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json index ed25f53edb7e..720929c381ba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadata": { "properties": { "author": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json index 5cf6cfa7b708..4488149aa57f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/metadata/PutMetadataMinimal.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "metadata": { "properties": { "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json index 433c82f96995..39148fc21d1a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json index a0dde26a2d68..3df1fe677e9b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json index b3bbae88aa4f..e55e361a67bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json index b7b98d55bbd6..8a4d7f0371d4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "sentinelOnboardingStateParameter": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json index de2bdddfa3fd..697cbad49ecb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json index c80511e7bf8b..b0eedcfa70ac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json index 9c0b1436c694..db19fa980bb9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sentinelOnboardingStateName": "default", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json index 721daa53a65a..0d27a14696e5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/operations/ListOperations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview" + "api-version": "2025-10-01-preview" }, "responses": { "200": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json index 70200a5df457..55a686ca3fb7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json index 26a410cd266e..7f54b283c881 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/GetRecommendations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json index ebf478498d1d..7a7b17520141 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/PatchRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "recommendationPatch": { "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json index a26c0f89f46e..4c390e36f11a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/recommendations/ReevaluateRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json index b2c20119393a..2bd6a690e7b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/repositories/GetRepositories.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "repoType": "Github", "repositoryAccess": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json index 2d5b6cd7cb23..6175f05c5668 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "securityMLAnalyticsSetting": { "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json index 1c10d8407f62..8bb7502b156f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json index b0ec472444c0..dde579d38494 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json index b33055425acb..e7960ff6994f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsResourceName": "myFirstAnomalySettings", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json index 211b8a26d65f..f82149acc578 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsName": "EyesOn", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json index 2dd5534726b1..a297cf74826d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetAllSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json index e7f3ac94cf4b..6736fc22de7f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/GetEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settingsName": "EyesOn", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json index 9a1e5035e535..27bec1060500 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "settings": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json index 79dfa421de1e..9b457752fd3f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sourceControl": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json index 2b35676dcefa..197cfffc2a6d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "repositoryAccess": { "properties": { "repositoryAccess": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json index 61526607ae5b..81b4267ca268 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json index 59fc1d9bf85a..b27a7fce7c1b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "b28fbe4a-0bb1-4593-960b-061c8655a550", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json index 2c48b3fb12a5..707a21ad6b71 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -7,7 +7,7 @@ "tag2" ] }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json index 6c3e2d3b96e0..f37e13cc8fb4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json index 2d0a6fc24189..7381060226c7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -26,7 +26,7 @@ "validUntil": "" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json index 66a673697d45..97c985bb808a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -1,7 +1,7 @@ { "parameters": { "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json index dad44c3dda85..b0582a14f227 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json index 3798b2c3a4ca..fe89e3d7390a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -1,7 +1,7 @@ { "parameters": { "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json index 5ec0209a8821..e935e47ee667 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceCount.json @@ -14,7 +14,7 @@ "conditionConnective": null } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "tiType": "main", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json index 88460bbeff23..f964d916ab4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/PostThreatIntelligenceQuery.json @@ -21,7 +21,7 @@ "field": "lastUpdatedTimeUtc" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "tiType": "main", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json index 2c42f3cd56d3..a39ca2f01930 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -16,7 +16,7 @@ "Azure Sentinel" ] }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json index e33f149d03e8..9922f06082a7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -10,7 +10,7 @@ ] } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json index 8342b286cc61..536cb8b33f55 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -27,7 +27,7 @@ "validUntil": "" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json index 02fe28e037f0..baf42d2a0bee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -5,7 +5,7 @@ "executionTimeUtc": "2022-12-22T15:37:03.074Z" } }, - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", @@ -15,7 +15,7 @@ "202": { "headers": { "Code": "202", - "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-07-01-preview", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2025-10-01-preview", "Message": "Accepted" } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json index be2e3d433ee8..ed28a919d744 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json index 1bdb624d845a..59a63f69e749 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json index eeeb1477a776..c8594dc1e24e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "watchlist": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json index 0f61393d06a3..f9eddd2e3143 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json index 947301fc9d02..fd4610e1438e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json index d63c7970b432..1c6ab6b51d86 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", @@ -10,7 +10,7 @@ "responses": { "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-07-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2025-10-01-preview" } }, "204": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json index 8dbdf4e4351f..7f51fc80d314 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json index 0896000a0d57..d5b15bb34bff 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json index 9586d269d1d5..dae312e215eb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json index f9548e237c50..269f37bd0825 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json index 220c68e3422e..d68f63301473 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/watchlists/GetWatchlists.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json index 9f8551d604b2..35f9aa68c184 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json index 07f98d6688ea..fd615dfc50a2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignment": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json index 403b32cdd8d8..a4e3c18bb0a6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json index 6ae1d78ab35c..bd996495b7c5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json index a3e328639e41..c2b94633ae29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json index 3c095b8b0ea9..ab8813d6a2bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json index a97036a1ee94..7ef53d89719a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json index c606338137ed..e79ec34384b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json index 20d594abfdb2..9a59b0adceed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfiguration": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json index 41eb345d61d6..27aac84558f7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfigurationName": "default", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json index 89c01951d8b8..683a7c6a387f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json index 53302cb6bd0e..b6c7d21f74ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerConfigurationName": "default", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json index eaf4a4754b5e..0a39add9d367 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroup": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json index 7b71dc835a9e..1bf69f216183 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json index 163a1cf83020..9f7162d1f5e6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json index 99a6b5193f14..3550bac7cd53 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json index 32ac191cf60d..8797b9654272 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMember": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json index a7e64b8bb0a2..a8dc6c0004f0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json index 0a061dd98447..2eef26004d59 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json index e3b58839f6bf..93dc693f9e5b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2025-07-01-preview", + "api-version": "2025-10-01-preview", "resourceGroupName": "myRg", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", From 93c91e4ccc10bc445a4f4f875f0e8f9f6f7c3730 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 7 Jun 2026 11:52:07 +0300 Subject: [PATCH 13/38] Restore stable/2025-09-01/common/1.0/types.json (pre-existing orphan) --- .../stable/2025-09-01/common/1.0/types.json | 231 ++++++++++++++++++ 1 file changed, 231 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json new file mode 100644 index 000000000000..6211a0db155d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json @@ -0,0 +1,231 @@ +{ + "swagger": "2.0", + "info": { + "version": "1.0", + "title": "Common types" + }, + "paths": {}, + "definitions": { + "CloudError": { + "description": "Error response structure.", + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody", + "description": "Error data", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-external": true + }, + "CloudErrorBody": { + "description": "Error details.", + "properties": { + "code": { + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "A message describing the error, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + } + }, + "type": "object", + "x-ms-external": true + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ResourceWithEtag": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "An azure resource object with an Etag property", + "properties": { + "etag": { + "description": "Etag of the azure resource", + "type": "string" + } + }, + "type": "object" + }, + "Resource": { + "description": "An azure resource object", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "type": "object", + "x-ms-azure-resource": true + }, + "ClientInfo": { + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "description": "The email of the client.", + "type": "string" + }, + "name": { + "description": "The name of the client.", + "type": "string" + }, + "objectId": { + "description": "The object id of the client.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the client.", + "type": "string" + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + } + }, + "parameters": { + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "ODataFilter": { + "description": "Filters the results, based on a Boolean condition. Optional.", + "in": "query", + "name": "$filter", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "description": "Sorts the results. Optional.", + "in": "query", + "name": "$orderby", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "description": "Returns only the first n results. Optional.", + "format": "int32", + "in": "query", + "name": "$top", + "required": false, + "type": "integer", + "x-ms-parameter-location": "method" + }, + "ODataSkip": { + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "in": "query", + "name": "$skip", + "required": false, + "type": "integer", + "format": "int32", + "x-ms-parameter-location": "method" + } + } +} From 4d3220a599d4265c60f4a3f6522669e08d305ea6 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 7 Jun 2026 14:38:49 +0300 Subject: [PATCH 14/38] Fix Incidents_RunPlaybook 204 response: remove unknown body --- .../SecurityInsights/Incident.tsp | 6 +----- .../preview/2025-10-01-preview/openapi.json | 3 +-- .../SecurityInsights/stable/2025-09-01/openapi.json | 3 +-- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp index 4403662cea05..e3d111a71851 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp @@ -136,15 +136,11 @@ interface Incidents { /** * Triggers playbook on a specific incident */ - #suppress "@azure-tools/typespec-azure-resource-manager/no-response-body" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @tag("manualTrigger") runPlaybook is IncidentOps.ActionSync< Incident, Request = ManualTriggerRequestBody, - Response = NoContentResponse & { - #suppress "@azure-tools/typespec-azure-core/no-unknown" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - @body body: unknown; - }, + Response = NoContentResponse, ErrorType = CloudError, OptionalRequestBody = true >; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 47a32349f074..73c2d2ca080b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -7000,8 +7000,7 @@ ], "responses": { "204": { - "description": "Azure operation completed successfully.", - "schema": {} + "description": "There is no content to send for this request, but the headers may be useful." }, "default": { "description": "An unexpected error response.", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index faf0e80d717d..32e844864013 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -3741,8 +3741,7 @@ ], "responses": { "204": { - "description": "Azure operation completed successfully.", - "schema": {} + "description": "There is no content to send for this request, but the headers may be useful." }, "default": { "description": "An unexpected error response.", From 831d9edb3809f110b4cb866ce3686e2852910c26 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 7 Jun 2026 14:53:13 +0300 Subject: [PATCH 15/38] Revert "Fix Incidents_RunPlaybook 204 response: remove unknown body" This reverts commit 4d3220a599d4265c60f4a3f6522669e08d305ea6. --- .../SecurityInsights/Incident.tsp | 6 +++++- .../preview/2025-10-01-preview/openapi.json | 3 ++- .../SecurityInsights/stable/2025-09-01/openapi.json | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp index e3d111a71851..4403662cea05 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp @@ -136,11 +136,15 @@ interface Incidents { /** * Triggers playbook on a specific incident */ + #suppress "@azure-tools/typespec-azure-resource-manager/no-response-body" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" @tag("manualTrigger") runPlaybook is IncidentOps.ActionSync< Incident, Request = ManualTriggerRequestBody, - Response = NoContentResponse, + Response = NoContentResponse & { + #suppress "@azure-tools/typespec-azure-core/no-unknown" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" + @body body: unknown; + }, ErrorType = CloudError, OptionalRequestBody = true >; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 73c2d2ca080b..47a32349f074 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -7000,7 +7000,8 @@ ], "responses": { "204": { - "description": "There is no content to send for this request, but the headers may be useful." + "description": "Azure operation completed successfully.", + "schema": {} }, "default": { "description": "An unexpected error response.", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 32e844864013..faf0e80d717d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -3741,7 +3741,8 @@ ], "responses": { "204": { - "description": "There is no content to send for this request, but the headers may be useful." + "description": "Azure operation completed successfully.", + "schema": {} }, "default": { "description": "An unexpected error response.", From 3cd360a39d34f7b737c7915f29ec6d6c486fb0bd Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 7 Jun 2026 14:54:08 +0300 Subject: [PATCH 16/38] Add 204 body to stable Incidents_RunPlaybook example to match spec --- .../examples/manualTrigger/Incidents_RunPlaybook.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json index b4385e860728..ecbcc8bbb888 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json @@ -11,7 +11,9 @@ } }, "responses": { - "204": {} + "204": { + "body": {} + } }, "operationId": "Incidents_RunPlaybook", "title": "Incidents_RunPlaybook" From 2b63a61f241841468a4285529603f0ffc7320021 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 9 Jun 2026 07:29:26 +0000 Subject: [PATCH 17/38] Preserve SecurityInsights schema compatibility Co-authored-by: AdiMegid <277261726+AdiMegid@users.noreply.github.com> --- .../SecurityInsights/models.tsp | 52 ++++++++++++++++--- .../preview/2025-10-01-preview/openapi.json | 44 +++++++++++----- .../stable/2025-09-01/openapi.json | 44 +++++++++++----- 3 files changed, 110 insertions(+), 30 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index ea7726cdb190..6062ad2b3227 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4898,8 +4898,20 @@ model TemplateAdditionalProperties { /** * Encapsulate the data connector definition object */ -model DataConnectorDefinitionArmCollectionWrapper - is Azure.Core.Page; +model DataConnectorDefinitionArmCollectionWrapper { + /** + * The data connector definitions on this page. + */ + @pageItems + @identifiers(#[]) + value?: DataConnectorDefinition[]; + + /** + * The link to the next page of items. + */ + @nextLink + nextLink?: string; +} /** * List all the data connectors. @@ -6988,7 +7000,27 @@ model Operation { /** * Properties of the operation */ - display?: OperationDisplay; + display?: { + /** + * Description of the operation + */ + description?: string; + + /** + * Operation name + */ + operation?: string; + + /** + * Provider name + */ + provider?: string; + + /** + * Resource name + */ + resource?: string; + }; /** * Name of the operation @@ -10384,6 +10416,14 @@ model SapSolutionUsageStatisticProperties { activeSystemIdCount?: int64; } +/** + * The exposure status of the connector to the customers. + */ +@doc( + "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." +) +scalar AvailabilityStatus extends int32; + /** * The exposure status of the connector to the customers. */ @@ -10391,7 +10431,7 @@ model ConnectorDefinitionsAvailability { /** * The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal). */ - status?: int32; + status?: AvailabilityStatus; /** * Gets or sets a value indicating whether the connector is preview. @@ -10699,8 +10739,8 @@ model InstructionStepDetails { /** * Gets or sets the instruction type parameters settings. */ - #suppress "@azure-tools/typespec-azure-core/no-unknown" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - parameters: unknown; + #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "Preserve the existing stable Swagger contract as a free-form object." + parameters: {}; /** * Gets or sets the instruction type name. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 47a32349f074..8b9b1d2fd51a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14164,6 +14164,11 @@ } } }, + "AvailabilityStatus": { + "type": "integer", + "format": "int32", + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." + }, "AwsCloudTrailCheckRequirements": { "type": "object", "description": "Amazon Web Services CloudTrail requirements check request.", @@ -15682,8 +15687,7 @@ "description": "The exposure status of the connector to the customers.", "properties": { "status": { - "type": "integer", - "format": "int32", + "$ref": "#/definitions/AvailabilityStatus", "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." }, "isPreview": { @@ -16258,20 +16262,17 @@ "properties": { "value": { "type": "array", - "description": "The DataConnectorDefinition items on this page", + "description": "The data connector definitions on this page.", "items": { "$ref": "#/definitions/DataConnectorDefinition" - } + }, + "x-ms-identifiers": [] }, "nextLink": { "type": "string", - "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items." } - }, - "required": [ - "value" - ] + } }, "DataConnectorDefinitionKind": { "type": "string", @@ -21440,6 +21441,7 @@ "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", "properties": { "parameters": { + "type": "object", "description": "Gets or sets the instruction type parameters settings." }, "type": { @@ -24353,8 +24355,26 @@ "description": "Operation provided by provider", "properties": { "display": { - "$ref": "#/definitions/OperationDisplay", - "description": "Properties of the operation" + "type": "object", + "description": "Properties of the operation", + "properties": { + "description": { + "type": "string", + "description": "Description of the operation" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + } + } }, "name": { "type": "string", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index faf0e80d717d..99457e5f0dce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8160,6 +8160,11 @@ "value" ] }, + "AvailabilityStatus": { + "type": "integer", + "format": "int32", + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." + }, "AwsCloudTrailDataConnector": { "type": "object", "description": "Represents Amazon Web Services CloudTrail data connector.", @@ -8825,8 +8830,7 @@ "description": "The exposure status of the connector to the customers.", "properties": { "status": { - "type": "integer", - "format": "int32", + "$ref": "#/definitions/AvailabilityStatus", "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." }, "isPreview": { @@ -9236,20 +9240,17 @@ "properties": { "value": { "type": "array", - "description": "The DataConnectorDefinition items on this page", + "description": "The data connector definitions on this page.", "items": { "$ref": "#/definitions/DataConnectorDefinition" - } + }, + "x-ms-identifiers": [] }, "nextLink": { "type": "string", - "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items." } - }, - "required": [ - "value" - ] + } }, "DataConnectorDefinitionKind": { "type": "string", @@ -11635,6 +11636,7 @@ "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", "properties": { "parameters": { + "type": "object", "description": "Gets or sets the instruction type parameters settings." }, "type": { @@ -13186,8 +13188,26 @@ "description": "Operation provided by provider", "properties": { "display": { - "$ref": "#/definitions/OperationDisplay", - "description": "Properties of the operation" + "type": "object", + "description": "Properties of the operation", + "properties": { + "description": { + "type": "string", + "description": "Description of the operation" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + } + } }, "name": { "type": "string", From 58c1b44812dd4eea02991bc6d7507eb6bd9f5acf Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Tue, 9 Jun 2026 11:38:13 +0300 Subject: [PATCH 18/38] Revert last commit (TSP schema changes) --- .../SecurityInsights/models.tsp | 52 +++---------------- .../preview/2025-10-01-preview/openapi.json | 44 +++++----------- .../stable/2025-09-01/openapi.json | 44 +++++----------- 3 files changed, 30 insertions(+), 110 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 6062ad2b3227..ea7726cdb190 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4898,20 +4898,8 @@ model TemplateAdditionalProperties { /** * Encapsulate the data connector definition object */ -model DataConnectorDefinitionArmCollectionWrapper { - /** - * The data connector definitions on this page. - */ - @pageItems - @identifiers(#[]) - value?: DataConnectorDefinition[]; - - /** - * The link to the next page of items. - */ - @nextLink - nextLink?: string; -} +model DataConnectorDefinitionArmCollectionWrapper + is Azure.Core.Page; /** * List all the data connectors. @@ -7000,27 +6988,7 @@ model Operation { /** * Properties of the operation */ - display?: { - /** - * Description of the operation - */ - description?: string; - - /** - * Operation name - */ - operation?: string; - - /** - * Provider name - */ - provider?: string; - - /** - * Resource name - */ - resource?: string; - }; + display?: OperationDisplay; /** * Name of the operation @@ -10416,14 +10384,6 @@ model SapSolutionUsageStatisticProperties { activeSystemIdCount?: int64; } -/** - * The exposure status of the connector to the customers. - */ -@doc( - "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." -) -scalar AvailabilityStatus extends int32; - /** * The exposure status of the connector to the customers. */ @@ -10431,7 +10391,7 @@ model ConnectorDefinitionsAvailability { /** * The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal). */ - status?: AvailabilityStatus; + status?: int32; /** * Gets or sets a value indicating whether the connector is preview. @@ -10739,8 +10699,8 @@ model InstructionStepDetails { /** * Gets or sets the instruction type parameters settings. */ - #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "Preserve the existing stable Swagger contract as a free-form object." - parameters: {}; + #suppress "@azure-tools/typespec-azure-core/no-unknown" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" + parameters: unknown; /** * Gets or sets the instruction type name. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 8b9b1d2fd51a..47a32349f074 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14164,11 +14164,6 @@ } } }, - "AvailabilityStatus": { - "type": "integer", - "format": "int32", - "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." - }, "AwsCloudTrailCheckRequirements": { "type": "object", "description": "Amazon Web Services CloudTrail requirements check request.", @@ -15687,7 +15682,8 @@ "description": "The exposure status of the connector to the customers.", "properties": { "status": { - "$ref": "#/definitions/AvailabilityStatus", + "type": "integer", + "format": "int32", "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." }, "isPreview": { @@ -16262,17 +16258,20 @@ "properties": { "value": { "type": "array", - "description": "The data connector definitions on this page.", + "description": "The DataConnectorDefinition items on this page", "items": { "$ref": "#/definitions/DataConnectorDefinition" - }, - "x-ms-identifiers": [] + } }, "nextLink": { "type": "string", - "description": "The link to the next page of items." + "format": "uri", + "description": "The link to the next page of items" } - } + }, + "required": [ + "value" + ] }, "DataConnectorDefinitionKind": { "type": "string", @@ -21441,7 +21440,6 @@ "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", "properties": { "parameters": { - "type": "object", "description": "Gets or sets the instruction type parameters settings." }, "type": { @@ -24355,26 +24353,8 @@ "description": "Operation provided by provider", "properties": { "display": { - "type": "object", - "description": "Properties of the operation", - "properties": { - "description": { - "type": "string", - "description": "Description of the operation" - }, - "operation": { - "type": "string", - "description": "Operation name" - }, - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" - } - } + "$ref": "#/definitions/OperationDisplay", + "description": "Properties of the operation" }, "name": { "type": "string", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 99457e5f0dce..faf0e80d717d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8160,11 +8160,6 @@ "value" ] }, - "AvailabilityStatus": { - "type": "integer", - "format": "int32", - "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." - }, "AwsCloudTrailDataConnector": { "type": "object", "description": "Represents Amazon Web Services CloudTrail data connector.", @@ -8830,7 +8825,8 @@ "description": "The exposure status of the connector to the customers.", "properties": { "status": { - "$ref": "#/definitions/AvailabilityStatus", + "type": "integer", + "format": "int32", "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal)." }, "isPreview": { @@ -9240,17 +9236,20 @@ "properties": { "value": { "type": "array", - "description": "The data connector definitions on this page.", + "description": "The DataConnectorDefinition items on this page", "items": { "$ref": "#/definitions/DataConnectorDefinition" - }, - "x-ms-identifiers": [] + } }, "nextLink": { "type": "string", - "description": "The link to the next page of items." + "format": "uri", + "description": "The link to the next page of items" } - } + }, + "required": [ + "value" + ] }, "DataConnectorDefinitionKind": { "type": "string", @@ -11636,7 +11635,6 @@ "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", "properties": { "parameters": { - "type": "object", "description": "Gets or sets the instruction type parameters settings." }, "type": { @@ -13188,26 +13186,8 @@ "description": "Operation provided by provider", "properties": { "display": { - "type": "object", - "description": "Properties of the operation", - "properties": { - "description": { - "type": "string", - "description": "Description of the operation" - }, - "operation": { - "type": "string", - "description": "Operation name" - }, - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" - } - } + "$ref": "#/definitions/OperationDisplay", + "description": "Properties of the operation" }, "name": { "type": "string", From d373ecb38ddae2c3bdc4ae58aa565da8871636c4 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 14 Jun 2026 13:01:11 +0300 Subject: [PATCH 19/38] Fix Watchlist headers --- .../SecurityInsights/Watchlist.tsp | 4 ++-- .../preview/2025-10-01-preview/openapi.json | 18 ++---------------- .../manualTrigger/Incidents_RunPlaybook.json | 4 +--- .../stable/2025-09-01/openapi.json | 18 ++---------------- 4 files changed, 7 insertions(+), 37 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp index 15f2b2e73d8a..593222be65cc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp @@ -42,6 +42,7 @@ interface Watchlists { createOrUpdate is Extension.CreateOrReplaceAsync< OperationalInsights, Watchlist, + LroHeaders = ArmAsyncOperationHeader, Error = ErrorResponse >; @@ -53,8 +54,7 @@ interface Watchlists { delete is Extension.DeleteWithoutOkAsync< OperationalInsights, Watchlist, - LroHeaders = ArmCombinedLroHeaders & - Azure.Core.Foundations.RetryAfterHeader, + LroHeaders = ArmAsyncOperationHeader, Error = ErrorResponse >; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 47a32349f074..a04dcfc538ea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -10001,11 +10001,6 @@ "Azure-AsyncOperation": { "type": "string", "description": "A link to the status monitor" - }, - "Retry-After": { - "type": "integer", - "format": "int32", - "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." } } }, @@ -10070,17 +10065,7 @@ "headers": { "Azure-AsyncOperation": { "type": "string", - "format": "uri", "description": "A link to the status monitor" - }, - "Location": { - "type": "string", - "description": "The Location header contains the URL where the status of the long running operation can be checked." - }, - "Retry-After": { - "type": "integer", - "format": "int32", - "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." } } }, @@ -10100,7 +10085,8 @@ } }, "x-ms-long-running-operation-options": { - "final-state-via": "azure-async-operation" + "final-state-via": "azure-async-operation", + "final-state-schema": "#/definitions/Watchlist" }, "x-ms-long-running-operation": true } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json index ecbcc8bbb888..b4385e860728 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json @@ -11,9 +11,7 @@ } }, "responses": { - "204": { - "body": {} - } + "204": {} }, "operationId": "Incidents_RunPlaybook", "title": "Incidents_RunPlaybook" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index faf0e80d717d..e64bf331f56a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -5847,11 +5847,6 @@ "Azure-AsyncOperation": { "type": "string", "description": "A link to the status monitor" - }, - "Retry-After": { - "type": "integer", - "format": "int32", - "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." } } }, @@ -5916,17 +5911,7 @@ "headers": { "Azure-AsyncOperation": { "type": "string", - "format": "uri", "description": "A link to the status monitor" - }, - "Location": { - "type": "string", - "description": "The Location header contains the URL where the status of the long running operation can be checked." - }, - "Retry-After": { - "type": "integer", - "format": "int32", - "description": "The Retry-After header can indicate how long the client should wait before polling the operation status." } } }, @@ -5946,7 +5931,8 @@ } }, "x-ms-long-running-operation-options": { - "final-state-via": "azure-async-operation" + "final-state-via": "azure-async-operation", + "final-state-schema": "#/definitions/Watchlist" }, "x-ms-long-running-operation": true } From 0251220c1d442da52ff233ddf2381f78484dd20d Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 14 Jun 2026 15:57:46 +0300 Subject: [PATCH 20/38] Add 204 body to Incidents_RunPlaybook example to match schema --- .../examples/manualTrigger/Incidents_RunPlaybook.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json index b4385e860728..ecbcc8bbb888 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json @@ -11,7 +11,9 @@ } }, "responses": { - "204": {} + "204": { + "body": {} + } }, "operationId": "Incidents_RunPlaybook", "title": "Incidents_RunPlaybook" From 3594f6bda34e21a31d3506c764403ab3b47e38fc Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 14 Jun 2026 16:52:49 +0300 Subject: [PATCH 21/38] fix headers --- .../SecurityInsights/Incident.tsp | 5 ++++- .../SecurityInsights/Watchlist.tsp | 2 +- .../preview/2025-10-01-preview/openapi.json | 5 +++++ .../examples/manualTrigger/Incidents_RunPlaybook.json | 4 +--- .../SecurityInsights/stable/2025-09-01/openapi.json | 8 ++++++-- 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp index 4403662cea05..ec6a58145907 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Incident.tsp @@ -8,6 +8,7 @@ import "./VirtualResource.tsp"; using TypeSpec.Rest; using Azure.ResourceManager; using TypeSpec.Http; +using TypeSpec.Versioning; namespace Microsoft.SecurityInsights; /** @@ -143,7 +144,9 @@ interface Incidents { Request = ManualTriggerRequestBody, Response = NoContentResponse & { #suppress "@azure-tools/typespec-azure-core/no-unknown" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - @body body: unknown; + @added(Versions.v2025_10_01_preview) + @body + body: unknown; }, ErrorType = CloudError, OptionalRequestBody = true diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp index 593222be65cc..f87fa11ade3d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/Watchlist.tsp @@ -54,7 +54,7 @@ interface Watchlists { delete is Extension.DeleteWithoutOkAsync< OperationalInsights, Watchlist, - LroHeaders = ArmAsyncOperationHeader, + LroHeaders = ArmCombinedLroHeaders, Error = ErrorResponse >; diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index a04dcfc538ea..21e3d4b54c72 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -10065,7 +10065,12 @@ "headers": { "Azure-AsyncOperation": { "type": "string", + "format": "uri", "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." } } }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json index ecbcc8bbb888..b4385e860728 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/examples/manualTrigger/Incidents_RunPlaybook.json @@ -11,9 +11,7 @@ } }, "responses": { - "204": { - "body": {} - } + "204": {} }, "operationId": "Incidents_RunPlaybook", "title": "Incidents_RunPlaybook" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index e64bf331f56a..82cdd7adb6d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -3741,8 +3741,7 @@ ], "responses": { "204": { - "description": "Azure operation completed successfully.", - "schema": {} + "description": "Azure operation completed successfully." }, "default": { "description": "An unexpected error response.", @@ -5911,7 +5910,12 @@ "headers": { "Azure-AsyncOperation": { "type": "string", + "format": "uri", "description": "A link to the status monitor" + }, + "Location": { + "type": "string", + "description": "The Location header contains the URL where the status of the long running operation can be checked." } } }, From 7c5a495ee0faa739990f94ba131c6a39edfb2da4 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Tue, 16 Jun 2026 15:28:58 +0300 Subject: [PATCH 22/38] fix required status changes for Package/Template/ScheduledAlertRule models - Move required fields from PackageBaseProperties to PackageProperties and ProductPackageProperties - Move required fields from TemplateBaseProperties to TemplateProperties and ProductTemplateProperties - Restore ScheduledAlertRuleCommonProperties fields as required (no @madeOptional) - Remove unused stable/2025-09-01/common folder --- .../SecurityInsights/models.tsp | 147 ++++++--- .../preview/2025-10-01-preview/openapi.json | 288 +++++++++--------- .../stable/2025-09-01/common/1.0/types.json | 231 -------------- .../stable/2025-09-01/openapi.json | 288 +++++++++--------- 4 files changed, 402 insertions(+), 552 deletions(-) delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index ea7726cdb190..d1996fec37ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4434,27 +4434,37 @@ model PackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -model PackageProperties extends PackageBaseProperties {} - -/** - * Describes package properties - */ -model PackageBaseProperties { +model PackageProperties extends PackageBaseProperties { /** * The content id of the package */ - contentId?: string; + contentId: string; /** * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ - contentProductId?: string; + contentProductId: string; /** * The package kind */ - contentKind?: PackageKind; + contentKind: PackageKind; + + /** + * the latest version number of the package + */ + version: string; + + /** + * The display name of the package + */ + displayName: string; +} +/** + * Describes package properties + */ +model PackageBaseProperties { /** * The version of the content schema. */ @@ -4480,16 +4490,6 @@ model PackageBaseProperties { */ isDeprecated?: Flag; - /** - * the latest version number of the package - */ - version?: string; - - /** - * The display name of the package - */ - displayName?: string; - /** * The description of the package */ @@ -4683,6 +4683,32 @@ model ProductPackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model ProductPackageProperties { ...PackageBaseProperties; + + /** + * The content id of the package + */ + contentId: string; + + /** + * The package kind + */ + contentKind: PackageKind; + + /** + * the latest version number of the package + */ + version: string; + + /** + * The display name of the package + */ + displayName: string; + + /** + * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package + */ + contentProductId?: string; + ...ProductPackageAdditionalProperties; } @@ -4719,16 +4745,11 @@ model ProductTemplateList is Azure.Core.Page; model ProductTemplateProperties { ...TemplateBaseProperties; ...ProductTemplateAdditionalProperties; -} -/** - * Template property bag. - */ -model TemplateBaseProperties { - /** + /** * Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId?: string; + contentId: string; /** * Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template @@ -4743,23 +4764,33 @@ model TemplateBaseProperties { /** * Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks */ - version?: string; + version: string; /** * The display name of the template */ - displayName?: string; + displayName: string; /** * The kind of content the template is for. */ - contentKind?: Kind; + contentKind: Kind; /** * Source of the content. This is where/how it was created. */ - source?: MetadataSource; + source: MetadataSource; + /** + * the package Id contains this template + */ + packageId?: string; +} + +/** + * Template property bag. + */ +model TemplateBaseProperties { /** * The creator of the content item. */ @@ -4830,11 +4861,6 @@ model TemplateBaseProperties { */ previewImagesDark?: string[]; - /** - * the package Id contains this template - */ - packageId?: string; - /** * the packageKind of the package contains this template */ @@ -4875,6 +4901,45 @@ model TemplateList is Azure.Core.Page; model TemplateProperties { ...TemplateBaseProperties; ...TemplateAdditionalProperties; + /** + * Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name + */ + contentId: string; + + /** + * Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template + */ + contentProductId: string; + + /** + * Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks + */ + packageVersion: string; + + /** + * Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks + */ + version: string; + + /** + * The display name of the template + */ + displayName: string; + + /** + * The kind of content the template is for. + */ + contentKind: Kind; + + /** + * Source of the content. This is where/how it was created. + */ + source: MetadataSource; + + /** + * the package Id contains this template + */ + packageId: string; } /** @@ -9781,32 +9846,32 @@ model ScheduledAlertRuleCommonProperties { /** * The query that creates alerts for this rule. */ - query?: string; + query: string; /** * The frequency (in ISO 8601 duration format) for this alert rule to run. */ - queryFrequency?: duration; + queryFrequency: duration; /** * The period (in ISO 8601 duration format) that this alert rule looks at. */ - queryPeriod?: duration; + queryPeriod: duration; /** * The severity for alerts created by this alert rule. */ - severity?: AlertSeverity; + severity: AlertSeverity; /** * The operation against the threshold that triggers alert rule. */ - triggerOperator?: TriggerOperator; + triggerOperator: TriggerOperator; /** * The threshold triggers this alert rule. */ - triggerThreshold?: int32; + triggerThreshold: int32; /** * The event grouping settings. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 21e3d4b54c72..fa9b9acc9671 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -26629,7 +26629,15 @@ "$ref": "#/definitions/SentinelEntityMapping" } } - } + }, + "required": [ + "query", + "queryFrequency", + "queryPeriod", + "severity", + "triggerOperator", + "triggerThreshold" + ] }, "ScheduledAlertRuleProperties": { "type": "object", @@ -28207,34 +28215,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -28308,10 +28288,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -30724,18 +30700,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/PackageKind", - "description": "The package kind" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30756,14 +30720,6 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "description": { "type": "string", "description": "The description of the package" @@ -30873,6 +30829,35 @@ "packageProperties": { "type": "object", "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + } + }, + "required": [ + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" + ], "allOf": [ { "$ref": "#/definitions/packageBaseProperties" @@ -30942,18 +30927,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/PackageKind", - "description": "The package kind" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30974,14 +30947,6 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "description": { "type": "string", "description": "The description of the package" @@ -31045,6 +31010,26 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, "installedVersion": { "type": "string", "description": "The version of the installed package, null or absent means not installed." @@ -31057,7 +31042,13 @@ "packagedContent": { "description": "The json of the ARM template to deploy. Expandable." } - } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ] }, "productTemplateAdditionalProperties": { "type": "object", @@ -31113,34 +31104,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -31214,10 +31177,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -31233,8 +31192,47 @@ }, "packagedContent": { "description": "The json of the ARM template to deploy" + }, + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" } - } + }, + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source" + ] }, "templateAdditionalProperties": { "type": "object", @@ -31301,34 +31299,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -31402,10 +31372,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -31432,8 +31398,50 @@ "x-ms-identifiers": [ "contentId" ] + }, + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" } - } + }, + "required": [ + "contentId", + "contentProductId", + "packageVersion", + "version", + "displayName", + "contentKind", + "source", + "packageId" + ] }, "threatIntelligence": { "type": "object", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json deleted file mode 100644 index 6211a0db155d..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/common/1.0/types.json +++ /dev/null @@ -1,231 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "version": "1.0", - "title": "Common types" - }, - "paths": {}, - "definitions": { - "CloudError": { - "description": "Error response structure.", - "properties": { - "error": { - "$ref": "#/definitions/CloudErrorBody", - "description": "Error data", - "x-ms-client-flatten": true - } - }, - "type": "object", - "x-ms-external": true - }, - "CloudErrorBody": { - "description": "Error details.", - "properties": { - "code": { - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", - "readOnly": true, - "type": "string" - }, - "message": { - "description": "A message describing the error, intended to be suitable for display in a user interface.", - "readOnly": true, - "type": "string" - } - }, - "type": "object", - "x-ms-external": true - }, - "EntityCommonProperties": { - "description": "Entity common property bag.", - "properties": { - "additionalData": { - "additionalProperties": { - "type": "object" - }, - "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", - "readOnly": true, - "type": "object" - }, - "friendlyName": { - "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", - "readOnly": true, - "type": "string" - } - }, - "type": "object" - }, - "ResourceWithEtag": { - "allOf": [ - { - "$ref": "#/definitions/Resource" - } - ], - "description": "An azure resource object with an Etag property", - "properties": { - "etag": { - "description": "Etag of the azure resource", - "type": "string" - } - }, - "type": "object" - }, - "Resource": { - "description": "An azure resource object", - "properties": { - "id": { - "description": "Azure resource Id", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "Azure resource name", - "readOnly": true, - "type": "string" - }, - "type": { - "description": "Azure resource type", - "readOnly": true, - "type": "string" - }, - "systemData": { - "readOnly": true, - "type": "object", - "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", - "$ref": "../../../../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" - } - }, - "type": "object", - "x-ms-azure-resource": true - }, - "ClientInfo": { - "description": "Information on the client (user or application) that made some action", - "properties": { - "email": { - "description": "The email of the client.", - "type": "string" - }, - "name": { - "description": "The name of the client.", - "type": "string" - }, - "objectId": { - "description": "The object id of the client.", - "format": "uuid", - "type": "string" - }, - "userPrincipalName": { - "description": "The user principal name of the client.", - "type": "string" - } - }, - "type": "object" - }, - "UserInfo": { - "description": "User information that made some action", - "properties": { - "email": { - "description": "The email of the user.", - "readOnly": true, - "type": "string" - }, - "name": { - "description": "The name of the user.", - "readOnly": true, - "type": "string" - }, - "objectId": { - "description": "The object id of the user.", - "format": "uuid", - "type": "string", - "x-nullable": true - } - }, - "type": "object" - }, - "Label": { - "description": "Label that will be used to tag and filter on.", - "type": "string" - } - }, - "parameters": { - "WorkspaceName": { - "description": "The name of the workspace.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "workspaceName", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "OperationalInsightsResourceProvider": { - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "in": "path", - "name": "operationalInsightsResourceProvider", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ResourceGroupName": { - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "in": "path", - "maxLength": 90, - "minLength": 1, - "name": "resourceGroupName", - "pattern": "^[-\\w\\._\\(\\)]+$", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - }, - "SubscriptionId": { - "description": "Azure subscription ID", - "in": "path", - "name": "subscriptionId", - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "required": true, - "type": "string" - }, - "ODataFilter": { - "description": "Filters the results, based on a Boolean condition. Optional.", - "in": "query", - "name": "$filter", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataOrderBy": { - "description": "Sorts the results. Optional.", - "in": "query", - "name": "$orderby", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataSkipToken": { - "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", - "in": "query", - "name": "$skipToken", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ODataTop": { - "description": "Returns only the first n results. Optional.", - "format": "int32", - "in": "query", - "name": "$top", - "required": false, - "type": "integer", - "x-ms-parameter-location": "method" - }, - "ODataSkip": { - "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", - "in": "query", - "name": "$skip", - "required": false, - "type": "integer", - "format": "int32", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 82cdd7adb6d9..ba71cec0054c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -14595,7 +14595,15 @@ "$ref": "#/definitions/AlertDetailsOverride", "description": "The alert details override settings" } - } + }, + "required": [ + "query", + "queryFrequency", + "queryPeriod", + "severity", + "triggerOperator", + "triggerThreshold" + ] }, "ScheduledAlertRuleProperties": { "type": "object", @@ -15616,34 +15624,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -15717,10 +15697,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -17253,18 +17229,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/PackageKind", - "description": "The package kind" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17285,14 +17249,6 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "description": { "type": "string", "description": "The description of the package" @@ -17402,6 +17358,35 @@ "packageProperties": { "type": "object", "description": "Describes package properties", + "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + } + }, + "required": [ + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" + ], "allOf": [ { "$ref": "#/definitions/packageBaseProperties" @@ -17471,18 +17456,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/PackageKind", - "description": "The package kind" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17503,14 +17476,6 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "description": { "type": "string", "description": "The description of the package" @@ -17574,6 +17539,26 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/PackageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, "installedVersion": { "type": "string", "description": "The version of the installed package, null or absent means not installed." @@ -17586,7 +17571,13 @@ "packagedContent": { "description": "The json of the ARM template to deploy. Expandable." } - } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ] }, "productTemplateAdditionalProperties": { "type": "object", @@ -17642,34 +17633,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -17743,10 +17706,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -17762,8 +17721,47 @@ }, "packagedContent": { "description": "The json of the ARM template to deploy" + }, + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" } - } + }, + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source" + ] }, "templateAdditionalProperties": { "type": "object", @@ -17830,34 +17828,6 @@ "type": "object", "description": "Template property bag.", "properties": { - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/Kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -17931,10 +17901,6 @@ "type": "string" } }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" - }, "packageKind": { "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" @@ -17961,8 +17927,50 @@ "x-ms-identifiers": [ "contentId" ] + }, + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/Kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" } - } + }, + "required": [ + "contentId", + "contentProductId", + "packageVersion", + "version", + "displayName", + "contentKind", + "source", + "packageId" + ] }, "threatIntelligence": { "type": "object", From ee5350a5112c410967a59477fff06e5eb417f27c Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Tue, 16 Jun 2026 17:09:35 +0300 Subject: [PATCH 23/38] fix required status for ScheduledAlertRuleCommonProperties and Page models --- .../SecurityInsights/models.tsp | 85 ++++++++++++++++--- .../preview/2025-10-01-preview/openapi.json | 68 +++++++++------ .../stable/2025-09-01/openapi.json | 68 +++++++++------ 3 files changed, 155 insertions(+), 66 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index d1996fec37ae..7404f2b2d9f4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4042,7 +4042,19 @@ model ClientInfo { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -model AutomationRulesList is Azure.Core.Page; +model AutomationRulesList { + /** + * List of automation rules. + */ + @pageItems + value?: AutomationRule[]; + + /** + * The link to the next page of items + */ + @nextLink + nextLink?: string; +} /** * Describes the request body for triggering a playbook on an entity. @@ -4963,8 +4975,19 @@ model TemplateAdditionalProperties { /** * Encapsulate the data connector definition object */ -model DataConnectorDefinitionArmCollectionWrapper - is Azure.Core.Page; +model DataConnectorDefinitionArmCollectionWrapper { + /** + * List of data connector definitions. + */ + @pageItems + value?: DataConnectorDefinition[]; + + /** + * The link to the next page of items + */ + @nextLink + nextLink?: string; +} /** * List all the data connectors. @@ -6737,7 +6760,19 @@ model IncidentEntitiesResultsMetadata { /** * List of incident tasks */ -model IncidentTaskList is Azure.Core.Page; +model IncidentTaskList { + /** + * List of incident tasks. + */ + @pageItems + value?: IncidentTask[]; + + /** + * The link to the next page of items + */ + @nextLink + nextLink?: string; +} /** * Describes the properties of an incident task @@ -9720,6 +9755,36 @@ model MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties { + /** + * The query that creates alerts for this rule. + */ + query: string; + + /** + * The frequency (in ISO 8601 duration format) for this alert rule to run. + */ + queryFrequency: duration; + + /** + * The period (in ISO 8601 duration format) that this alert rule looks at. + */ + queryPeriod: duration; + + /** + * The severity for alerts created by this alert rule. + */ + severity: AlertSeverity; + + /** + * The operation against the threshold that triggers alert rule. + */ + triggerOperator: TriggerOperator; + + /** + * The threshold triggers this alert rule. + */ + triggerThreshold: int32; + /** * The Name of the alert rule template used to create this rule. */ @@ -9846,32 +9911,32 @@ model ScheduledAlertRuleCommonProperties { /** * The query that creates alerts for this rule. */ - query: string; + query?: string; /** * The frequency (in ISO 8601 duration format) for this alert rule to run. */ - queryFrequency: duration; + queryFrequency?: duration; /** * The period (in ISO 8601 duration format) that this alert rule looks at. */ - queryPeriod: duration; + queryPeriod?: duration; /** * The severity for alerts created by this alert rule. */ - severity: AlertSeverity; + severity?: AlertSeverity; /** * The operation against the threshold that triggers alert rule. */ - triggerOperator: TriggerOperator; + triggerOperator?: TriggerOperator; /** * The threshold triggers this alert rule. */ - triggerThreshold: int32; + triggerThreshold?: int32; /** * The event grouping settings. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index fa9b9acc9671..ff2fd177e8b1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14119,24 +14119,19 @@ }, "AutomationRulesList": { "type": "object", - "description": "Paged collection of AutomationRule items", "properties": { "value": { "type": "array", - "description": "The AutomationRule items on this page", + "description": "List of automation rules.", "items": { "$ref": "#/definitions/AutomationRule" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "Availability": { "type": "object", @@ -16249,20 +16244,16 @@ "properties": { "value": { "type": "array", - "description": "The DataConnectorDefinition items on this page", + "description": "List of data connector definitions.", "items": { "$ref": "#/definitions/DataConnectorDefinition" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "DataConnectorDefinitionKind": { "type": "string", @@ -21042,20 +21033,16 @@ "properties": { "value": { "type": "array", - "description": "The IncidentTask items on this page", + "description": "List of incident tasks.", "items": { "$ref": "#/definitions/IncidentTask" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "IncidentTaskProperties": { "type": "object", @@ -26629,20 +26616,39 @@ "$ref": "#/definitions/SentinelEntityMapping" } } - }, - "required": [ - "query", - "queryFrequency", - "queryPeriod", - "severity", - "triggerOperator", - "triggerThreshold" - ] + } }, "ScheduledAlertRuleProperties": { "type": "object", "description": "Scheduled alert rule base property bag.", "properties": { + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, "alertRuleTemplateName": { "type": "string", "description": "The Name of the alert rule template used to create this rule." @@ -26705,6 +26711,12 @@ } }, "required": [ + "query", + "queryFrequency", + "queryPeriod", + "severity", + "triggerOperator", + "triggerThreshold", "displayName", "enabled", "suppressionDuration", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index ba71cec0054c..e759419992ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8131,24 +8131,19 @@ }, "AutomationRulesList": { "type": "object", - "description": "Paged collection of AutomationRule items", "properties": { "value": { "type": "array", - "description": "The AutomationRule items on this page", + "description": "List of automation rules.", "items": { "$ref": "#/definitions/AutomationRule" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "AwsCloudTrailDataConnector": { "type": "object", @@ -9226,20 +9221,16 @@ "properties": { "value": { "type": "array", - "description": "The DataConnectorDefinition items on this page", + "description": "List of data connector definitions.", "items": { "$ref": "#/definitions/DataConnectorDefinition" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "DataConnectorDefinitionKind": { "type": "string", @@ -11509,20 +11500,16 @@ "properties": { "value": { "type": "array", - "description": "The IncidentTask items on this page", + "description": "List of incident tasks.", "items": { "$ref": "#/definitions/IncidentTask" } }, "nextLink": { "type": "string", - "format": "uri", "description": "The link to the next page of items" } - }, - "required": [ - "value" - ] + } }, "IncidentTaskProperties": { "type": "object", @@ -14595,20 +14582,39 @@ "$ref": "#/definitions/AlertDetailsOverride", "description": "The alert details override settings" } - }, - "required": [ - "query", - "queryFrequency", - "queryPeriod", - "severity", - "triggerOperator", - "triggerThreshold" - ] + } }, "ScheduledAlertRuleProperties": { "type": "object", "description": "Scheduled alert rule base property bag.", "properties": { + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/TriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "format": "int32", + "description": "The threshold triggers this alert rule." + }, "alertRuleTemplateName": { "type": "string", "description": "The Name of the alert rule template used to create this rule." @@ -14664,6 +14670,12 @@ } }, "required": [ + "query", + "queryFrequency", + "queryPeriod", + "severity", + "triggerOperator", + "triggerThreshold", "displayName", "enabled", "suppressionDuration", From 6ab0a970bbe263efde114478485790518dab940a Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 17 Jun 2026 15:24:23 +0300 Subject: [PATCH 24/38] fix x-ms-enum names for flag and triggerWhen --- .../SecurityInsights/models.tsp | 17 ++++++- .../preview/2025-10-01-preview/openapi.json | 50 +++++++++---------- .../stable/2025-09-01/openapi.json | 50 +++++++++---------- 3 files changed, 65 insertions(+), 52 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 7404f2b2d9f4..5c7156dcdca2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -1,5 +1,6 @@ import "@typespec/rest"; import "@typespec/http"; +import "@typespec/openapi"; import "@azure-tools/typespec-azure-core"; import "@azure-tools/typespec-azure-resource-manager"; @@ -94,7 +95,7 @@ union TriggersOn { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -union TriggersWhen { +union triggersWhen { string, /** @@ -430,6 +431,18 @@ union PackageKind { /** * The boolean value the metadata is for. */ +#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" +@OpenAPI.extension( + "x-ms-enum", + #{ + name: "flag", + modelAsString: true, + values: #[ + #{ name: "true", value: "true", description: "true" }, + #{ name: "false", value: "false", description: "false" } + ] + } +) union Flag { string, @@ -3983,7 +3996,7 @@ model AutomationRuleTriggeringLogic { #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" triggersOn: TriggersOn; #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - triggersWhen: TriggersWhen; + triggersWhen: triggersWhen; /** * The conditions to evaluate to determine if the automation rule should be triggered on a given object. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index ff2fd177e8b1..702079f301c6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14097,7 +14097,7 @@ "$ref": "#/definitions/TriggersOn" }, "triggersWhen": { - "$ref": "#/definitions/TriggersWhen" + "$ref": "#/definitions/triggersWhen" }, "conditions": { "type": "array", @@ -19028,7 +19028,7 @@ "false" ], "x-ms-enum": { - "name": "Flag", + "name": "flag", "modelAsString": true, "values": [ { @@ -29408,29 +29408,6 @@ ] } }, - "TriggersWhen": { - "type": "string", - "enum": [ - "Created", - "Updated" - ], - "x-ms-enum": { - "name": "TriggersWhen", - "modelAsString": true, - "values": [ - { - "name": "Created", - "value": "Created", - "description": "Trigger on created objects" - }, - { - "name": "Updated", - "value": "Updated", - "description": "Trigger on updated objects" - } - ] - } - }, "Ueba": { "type": "object", "description": "Settings with single toggle.", @@ -31491,6 +31468,29 @@ "readOnly": true } } + }, + "triggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } } }, "parameters": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index e759419992ef..c380654ea21d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8109,7 +8109,7 @@ "$ref": "#/definitions/TriggersOn" }, "triggersWhen": { - "$ref": "#/definitions/TriggersWhen" + "$ref": "#/definitions/triggersWhen" }, "conditions": { "type": "array", @@ -10282,7 +10282,7 @@ "false" ], "x-ms-enum": { - "name": "Flag", + "name": "flag", "modelAsString": true, "values": [ { @@ -16372,29 +16372,6 @@ ] } }, - "TriggersWhen": { - "type": "string", - "enum": [ - "Created", - "Updated" - ], - "x-ms-enum": { - "name": "TriggersWhen", - "modelAsString": true, - "values": [ - { - "name": "Created", - "value": "Created", - "description": "Trigger on created objects" - }, - { - "name": "Updated", - "value": "Updated", - "description": "Trigger on updated objects" - } - ] - } - }, "UrlEntity": { "type": "object", "description": "Represents a url entity.", @@ -18020,6 +17997,29 @@ "readOnly": true } } + }, + "triggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } } }, "parameters": {} From 36d5580902b948b988b061759d7c1a36b0d35581 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Wed, 17 Jun 2026 18:00:48 +0300 Subject: [PATCH 25/38] fix x-ms-enum names --- .../SecurityInsights/models.tsp | 36 +- .../preview/2025-10-01-preview/openapi.json | 660 +++++++++--------- .../stable/2025-09-01/openapi.json | 648 ++++++++--------- 3 files changed, 672 insertions(+), 672 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 5c7156dcdca2..42554da30030 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -80,7 +80,7 @@ union CreatedByType { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -union TriggersOn { +union triggersOn { string, /** @@ -414,7 +414,7 @@ union EntityKindEnum { /** * The package kind */ -union PackageKind { +union packageKind { string, /** @@ -460,7 +460,7 @@ union Flag { /** * Source type of the content */ -union SourceKind { +union sourceKind { string, /** @@ -487,7 +487,7 @@ union SourceKind { /** * Type of support for content item */ -union SupportTier { +union supportTier { string, /** @@ -509,7 +509,7 @@ union SupportTier { /** * The kind of content the metadata is for. */ -union Kind { +union kind { string, /** @@ -2170,7 +2170,7 @@ union ProvisioningState { /** * The sourceType of the watchlist */ -union SourceType { +union sourceType { string, /** @@ -3076,7 +3076,7 @@ union CcpAuthType { /** * The HTTP method, default value GET. */ -union HttpMethodVerb { +union httpMethodVerb { string, /** @@ -3994,7 +3994,7 @@ model AutomationRuleTriggeringLogic { expirationTimeUtc?: utcDateTime; #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - triggersOn: TriggersOn; + triggersOn: triggersOn; #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" triggersWhen: triggersWhen; @@ -4473,7 +4473,7 @@ model PackageProperties extends PackageBaseProperties { /** * The package kind */ - contentKind: PackageKind; + contentKind: packageKind; /** * the latest version number of the package @@ -4588,7 +4588,7 @@ model MetadataSource { /** * Source type of the content */ - kind: SourceKind; + kind: sourceKind; /** * Name of the content source. The repo name, solution name, LA workspace name etc. @@ -4628,7 +4628,7 @@ model MetadataSupport { /** * Type of support for content item */ - tier: SupportTier; + tier: supportTier; /** * Name of the support contact. Company or person. @@ -4658,7 +4658,7 @@ model MetadataDependencies { /** * Type of the content item we depend on */ - kind?: Kind; + kind?: kind; /** * Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. @@ -4717,7 +4717,7 @@ model ProductPackageProperties { /** * The package kind */ - contentKind: PackageKind; + contentKind: packageKind; /** * the latest version number of the package @@ -4799,7 +4799,7 @@ model ProductTemplateProperties { /** * The kind of content the template is for. */ - contentKind: Kind; + contentKind: kind; /** * Source of the content. This is where/how it was created. @@ -4889,7 +4889,7 @@ model TemplateBaseProperties { /** * the packageKind of the package contains this template */ - packageKind?: PackageKind; + packageKind?: packageKind; /** * the name of the package contains this template @@ -4954,7 +4954,7 @@ model TemplateProperties { /** * The kind of content the template is for. */ - contentKind: Kind; + contentKind: kind; /** * Source of the content. This is where/how it was created. @@ -8505,7 +8505,7 @@ model WatchlistProperties { /** * The sourceType of the watchlist */ - sourceType?: SourceType; + sourceType?: sourceType; /** * The time the watchlist was created @@ -11836,7 +11836,7 @@ model RestApiPollerRequestConfig { /** * The HTTP method, default value GET. */ - httpMethod?: HttpMethodVerb; + httpMethod?: httpMethodVerb; /** * The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate what is the expected time format the remote server know to parse. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 702079f301c6..f27d20ce02f6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14094,7 +14094,7 @@ "description": "Determines when the automation rule should automatically expire and be disabled." }, "triggersOn": { - "$ref": "#/definitions/TriggersOn" + "$ref": "#/definitions/triggersOn" }, "triggersWhen": { "$ref": "#/definitions/triggersWhen" @@ -19860,42 +19860,6 @@ } ] }, - "HttpMethodVerb": { - "type": "string", - "description": "The HTTP method, default value GET.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE" - ], - "x-ms-enum": { - "name": "HttpMethodVerb", - "modelAsString": true, - "values": [ - { - "name": "GET", - "value": "GET", - "description": "GET" - }, - { - "name": "POST", - "value": "POST", - "description": "POST" - }, - { - "name": "PUT", - "value": "PUT", - "description": "PUT" - }, - { - "name": "DELETE", - "value": "DELETE", - "description": "DELETE" - } - ] - } - }, "Hunt": { "type": "object", "description": "Represents a Hunt in Azure Security Insights.", @@ -22024,150 +21988,6 @@ ] } }, - "Kind": { - "type": "string", - "description": "The kind of content the metadata is for.", - "enum": [ - "DataConnector", - "DataType", - "Workbook", - "WorkbookTemplate", - "Playbook", - "PlaybookTemplate", - "AnalyticsRuleTemplate", - "AnalyticsRule", - "HuntingQuery", - "InvestigationQuery", - "Parser", - "Watchlist", - "WatchlistTemplate", - "Solution", - "AzureFunction", - "LogicAppsCustomConnector", - "AutomationRule", - "ResourcesDataConnector", - "Notebook", - "Standalone", - "SummaryRule", - "CustomDetection" - ], - "x-ms-enum": { - "name": "Kind", - "modelAsString": true, - "values": [ - { - "name": "DataConnector", - "value": "DataConnector", - "description": "DataConnector" - }, - { - "name": "DataType", - "value": "DataType", - "description": "DataType" - }, - { - "name": "Workbook", - "value": "Workbook", - "description": "Workbook" - }, - { - "name": "WorkbookTemplate", - "value": "WorkbookTemplate", - "description": "WorkbookTemplate" - }, - { - "name": "Playbook", - "value": "Playbook", - "description": "Playbook" - }, - { - "name": "PlaybookTemplate", - "value": "PlaybookTemplate", - "description": "PlaybookTemplate" - }, - { - "name": "AnalyticsRuleTemplate", - "value": "AnalyticsRuleTemplate", - "description": "AnalyticsRuleTemplate" - }, - { - "name": "AnalyticsRule", - "value": "AnalyticsRule", - "description": "AnalyticsRule" - }, - { - "name": "HuntingQuery", - "value": "HuntingQuery", - "description": "HuntingQuery" - }, - { - "name": "InvestigationQuery", - "value": "InvestigationQuery", - "description": "InvestigationQuery" - }, - { - "name": "Parser", - "value": "Parser", - "description": "Parser" - }, - { - "name": "Watchlist", - "value": "Watchlist", - "description": "Watchlist" - }, - { - "name": "WatchlistTemplate", - "value": "WatchlistTemplate", - "description": "WatchlistTemplate" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "AzureFunction", - "value": "AzureFunction", - "description": "AzureFunction" - }, - { - "name": "LogicAppsCustomConnector", - "value": "LogicAppsCustomConnector", - "description": "LogicAppsCustomConnector" - }, - { - "name": "AutomationRule", - "value": "AutomationRule", - "description": "AutomationRule" - }, - { - "name": "ResourcesDataConnector", - "value": "ResourcesDataConnector", - "description": "ResourcesDataConnector" - }, - { - "name": "Notebook", - "value": "Notebook", - "description": "Notebook" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - }, - { - "name": "SummaryRule", - "value": "SummaryRule", - "description": "SummaryRule" - }, - { - "name": "CustomDetection", - "value": "CustomDetection", - "description": "Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant." - } - ] - } - }, "LastDataReceivedDataType": { "type": "object", "description": "Data type for last data received", @@ -24624,30 +24444,6 @@ ] } }, - "PackageKind": { - "type": "string", - "description": "The package kind", - "enum": [ - "Solution", - "Standalone" - ], - "x-ms-enum": { - "name": "PackageKind", - "modelAsString": true, - "values": [ - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - } - ] - } - }, "PermissionProviderScope": { "type": "string", "description": "Permission provider scope", @@ -26221,7 +26017,7 @@ "x-nullable": true }, "httpMethod": { - "$ref": "#/definitions/HttpMethodVerb", + "$ref": "#/definitions/httpMethodVerb", "description": "The HTTP method, default value GET." }, "queryTimeFormat": { @@ -27670,66 +27466,6 @@ "repository" ] }, - "SourceKind": { - "type": "string", - "description": "Source type of the content", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "name": "SourceKind", - "modelAsString": true, - "values": [ - { - "name": "LocalWorkspace", - "value": "LocalWorkspace", - "description": "LocalWorkspace" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "SourceRepository", - "value": "SourceRepository", - "description": "SourceRepository" - } - ] - } - }, - "SourceType": { - "type": "string", - "description": "The sourceType of the watchlist", - "enum": [ - "Local", - "AzureStorage" - ], - "x-ms-enum": { - "name": "SourceType", - "modelAsString": true, - "values": [ - { - "name": "Local", - "value": "Local", - "description": "The source from local file." - }, - { - "name": "AzureStorage", - "value": "AzureStorage", - "description": "The source from Azure storage." - } - ] - } - }, "State": { "type": "string", "description": "State of recommendation.", @@ -27912,36 +27648,6 @@ } ] }, - "SupportTier": { - "type": "string", - "description": "Type of support for content item", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "name": "SupportTier", - "modelAsString": true, - "values": [ - { - "name": "Microsoft", - "value": "Microsoft", - "description": "Microsoft" - }, - { - "name": "Partner", - "value": "Partner", - "description": "Partner" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - } - ] - } - }, "TICheckRequirements": { "type": "object", "description": "Threat Intelligence Platforms data connector check requirements", @@ -28301,7 +28007,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -29385,29 +29091,6 @@ "value" ] }, - "TriggersOn": { - "type": "string", - "enum": [ - "Incidents", - "Alerts" - ], - "x-ms-enum": { - "name": "TriggersOn", - "modelAsString": true, - "values": [ - { - "name": "Incidents", - "value": "Incidents", - "description": "Trigger on Incidents" - }, - { - "name": "Alerts", - "value": "Alerts", - "description": "Trigger on Alerts" - } - ] - } - }, "Ueba": { "type": "object", "description": "Settings with single toggle.", @@ -29800,7 +29483,7 @@ "description": "The filename of the watchlist, called 'source'" }, "sourceType": { - "$ref": "#/definitions/SourceType", + "$ref": "#/definitions/sourceType", "description": "The sourceType of the watchlist" }, "created": { @@ -30282,6 +29965,42 @@ "errorMessage" ] }, + "httpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "httpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, "jobItem": { "type": "object", "description": "An entity describing the publish status of a content item.", @@ -30311,6 +30030,150 @@ } } }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule", + "CustomDetection" + ], + "x-ms-enum": { + "name": "kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + }, + { + "name": "CustomDetection", + "value": "CustomDetection", + "description": "Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant." + } + ] + } + }, "metadataAuthor": { "type": "object", "description": "Publisher or creator of the content item.", @@ -30358,7 +30221,7 @@ "description": "Id of the content item we depend on" }, "kind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "Type of the content item we depend on" }, "version": { @@ -30608,7 +30471,7 @@ "description": "The original source of the content item, where it comes from.", "properties": { "kind": { - "$ref": "#/definitions/SourceKind", + "$ref": "#/definitions/sourceKind", "description": "Source type of the content" }, "name": { @@ -30629,7 +30492,7 @@ "description": "Support information for the content item.", "properties": { "tier": { - "$ref": "#/definitions/SupportTier", + "$ref": "#/definitions/supportTier", "description": "Type of support for content item" }, "name": { @@ -30774,6 +30637,30 @@ } } }, + "packageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "packageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, "packageList": { "type": "object", "description": "List available packages.", @@ -30828,7 +30715,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "The package kind" }, "version": { @@ -31004,7 +30891,7 @@ "description": "The content id of the package" }, "contentKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "The package kind" }, "version": { @@ -31167,7 +31054,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -31203,7 +31090,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -31223,6 +31110,96 @@ "source" ] }, + "sourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "sourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "sourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "sourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, + "supportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "supportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, "templateAdditionalProperties": { "type": "object", "description": "additional properties of product template.", @@ -31362,7 +31339,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -31409,7 +31386,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -31469,6 +31446,29 @@ } } }, + "triggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, "triggersWhen": { "type": "string", "enum": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index c380654ea21d..6fdd80fd784a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8106,7 +8106,7 @@ "description": "Determines when the automation rule should automatically expire and be disabled." }, "triggersOn": { - "$ref": "#/definitions/TriggersOn" + "$ref": "#/definitions/triggersOn" }, "triggersWhen": { "$ref": "#/definitions/triggersWhen" @@ -10718,42 +10718,6 @@ } ] }, - "HttpMethodVerb": { - "type": "string", - "description": "The HTTP method, default value GET.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE" - ], - "x-ms-enum": { - "name": "HttpMethodVerb", - "modelAsString": true, - "values": [ - { - "name": "GET", - "value": "GET", - "description": "GET" - }, - { - "name": "POST", - "value": "POST", - "description": "POST" - }, - { - "name": "PUT", - "value": "PUT", - "description": "PUT" - }, - { - "name": "DELETE", - "value": "DELETE", - "description": "DELETE" - } - ] - } - }, "HuntingBookmark": { "type": "object", "description": "Represents a Hunting bookmark entity.", @@ -11956,144 +11920,6 @@ ] } }, - "Kind": { - "type": "string", - "description": "The kind of content the metadata is for.", - "enum": [ - "DataConnector", - "DataType", - "Workbook", - "WorkbookTemplate", - "Playbook", - "PlaybookTemplate", - "AnalyticsRuleTemplate", - "AnalyticsRule", - "HuntingQuery", - "InvestigationQuery", - "Parser", - "Watchlist", - "WatchlistTemplate", - "Solution", - "AzureFunction", - "LogicAppsCustomConnector", - "AutomationRule", - "ResourcesDataConnector", - "Notebook", - "Standalone", - "SummaryRule" - ], - "x-ms-enum": { - "name": "Kind", - "modelAsString": true, - "values": [ - { - "name": "DataConnector", - "value": "DataConnector", - "description": "DataConnector" - }, - { - "name": "DataType", - "value": "DataType", - "description": "DataType" - }, - { - "name": "Workbook", - "value": "Workbook", - "description": "Workbook" - }, - { - "name": "WorkbookTemplate", - "value": "WorkbookTemplate", - "description": "WorkbookTemplate" - }, - { - "name": "Playbook", - "value": "Playbook", - "description": "Playbook" - }, - { - "name": "PlaybookTemplate", - "value": "PlaybookTemplate", - "description": "PlaybookTemplate" - }, - { - "name": "AnalyticsRuleTemplate", - "value": "AnalyticsRuleTemplate", - "description": "AnalyticsRuleTemplate" - }, - { - "name": "AnalyticsRule", - "value": "AnalyticsRule", - "description": "AnalyticsRule" - }, - { - "name": "HuntingQuery", - "value": "HuntingQuery", - "description": "HuntingQuery" - }, - { - "name": "InvestigationQuery", - "value": "InvestigationQuery", - "description": "InvestigationQuery" - }, - { - "name": "Parser", - "value": "Parser", - "description": "Parser" - }, - { - "name": "Watchlist", - "value": "Watchlist", - "description": "Watchlist" - }, - { - "name": "WatchlistTemplate", - "value": "WatchlistTemplate", - "description": "WatchlistTemplate" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "AzureFunction", - "value": "AzureFunction", - "description": "AzureFunction" - }, - { - "name": "LogicAppsCustomConnector", - "value": "LogicAppsCustomConnector", - "description": "LogicAppsCustomConnector" - }, - { - "name": "AutomationRule", - "value": "AutomationRule", - "description": "AutomationRule" - }, - { - "name": "ResourcesDataConnector", - "value": "ResourcesDataConnector", - "description": "ResourcesDataConnector" - }, - { - "name": "Notebook", - "value": "Notebook", - "description": "Notebook" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - }, - { - "name": "SummaryRule", - "value": "SummaryRule", - "description": "SummaryRule" - } - ] - } - }, "MCASDataConnector": { "type": "object", "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", @@ -13288,30 +13114,6 @@ ] } }, - "PackageKind": { - "type": "string", - "description": "The package kind", - "enum": [ - "Solution", - "Standalone" - ], - "x-ms-enum": { - "name": "PackageKind", - "modelAsString": true, - "values": [ - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - } - ] - } - }, "PlaybookActionProperties": { "type": "object", "properties": { @@ -14237,7 +14039,7 @@ "x-nullable": true }, "httpMethod": { - "$ref": "#/definitions/HttpMethodVerb", + "$ref": "#/definitions/httpMethodVerb", "description": "The HTTP method, default value GET." }, "queryTimeFormat": { @@ -15399,66 +15201,6 @@ "repository" ] }, - "SourceKind": { - "type": "string", - "description": "Source type of the content", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "name": "SourceKind", - "modelAsString": true, - "values": [ - { - "name": "LocalWorkspace", - "value": "LocalWorkspace", - "description": "LocalWorkspace" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "SourceRepository", - "value": "SourceRepository", - "description": "SourceRepository" - } - ] - } - }, - "SourceType": { - "type": "string", - "description": "The sourceType of the watchlist", - "enum": [ - "Local", - "AzureStorage" - ], - "x-ms-enum": { - "name": "SourceType", - "modelAsString": true, - "values": [ - { - "name": "Local", - "value": "Local", - "description": "The source from local file." - }, - { - "name": "AzureStorage", - "value": "AzureStorage", - "description": "The source from Azure storage." - } - ] - } - }, "SubmissionMailEntity": { "type": "object", "description": "Represents a submission mail entity.", @@ -15539,36 +15281,6 @@ } ] }, - "SupportTier": { - "type": "string", - "description": "Type of support for content item", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "name": "SupportTier", - "modelAsString": true, - "values": [ - { - "name": "Microsoft", - "value": "Microsoft", - "description": "Microsoft" - }, - { - "name": "Partner", - "value": "Partner", - "description": "Partner" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - } - ] - } - }, "TIDataConnector": { "type": "object", "description": "Represents threat intelligence data connector.", @@ -15710,7 +15422,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -16349,29 +16061,6 @@ ] } }, - "TriggersOn": { - "type": "string", - "enum": [ - "Incidents", - "Alerts" - ], - "x-ms-enum": { - "name": "TriggersOn", - "modelAsString": true, - "values": [ - { - "name": "Incidents", - "value": "Incidents", - "description": "Trigger on Incidents" - }, - { - "name": "Alerts", - "value": "Alerts", - "description": "Trigger on Alerts" - } - ] - } - }, "UrlEntity": { "type": "object", "description": "Represents a url entity.", @@ -16679,7 +16368,7 @@ "description": "The filename of the watchlist, called 'source'" }, "sourceType": { - "$ref": "#/definitions/SourceType", + "$ref": "#/definitions/sourceType", "description": "The sourceType of the watchlist" }, "created": { @@ -16876,6 +16565,180 @@ } } }, + "httpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "httpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, + "kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule" + ], + "x-ms-enum": { + "name": "kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + } + ] + } + }, "metadataAuthor": { "type": "object", "description": "Publisher or creator of the content item.", @@ -16923,7 +16786,7 @@ "description": "Id of the content item we depend on" }, "kind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "Type of the content item we depend on" }, "version": { @@ -17173,7 +17036,7 @@ "description": "The original source of the content item, where it comes from.", "properties": { "kind": { - "$ref": "#/definitions/SourceKind", + "$ref": "#/definitions/sourceKind", "description": "Source type of the content" }, "name": { @@ -17194,7 +17057,7 @@ "description": "Support information for the content item.", "properties": { "tier": { - "$ref": "#/definitions/SupportTier", + "$ref": "#/definitions/supportTier", "description": "Type of support for content item" }, "name": { @@ -17303,6 +17166,30 @@ } } }, + "packageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "packageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, "packageList": { "type": "object", "description": "List available packages.", @@ -17357,7 +17244,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "The package kind" }, "version": { @@ -17533,7 +17420,7 @@ "description": "The content id of the package" }, "contentKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "The package kind" }, "version": { @@ -17696,7 +17583,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -17732,7 +17619,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -17752,6 +17639,96 @@ "source" ] }, + "sourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "sourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "sourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "sourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, + "supportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "supportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, "templateAdditionalProperties": { "type": "object", "description": "additional properties of product template.", @@ -17891,7 +17868,7 @@ } }, "packageKind": { - "$ref": "#/definitions/PackageKind", + "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -17938,7 +17915,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/Kind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -17998,6 +17975,29 @@ } } }, + "triggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, "triggersWhen": { "type": "string", "enum": [ From f09a2a919e3bbc747a1ab620e3a4bfe1abb8d7ef Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 21 Jun 2026 14:51:13 +0300 Subject: [PATCH 26/38] fix x-ms-enum names for (MetadataDependencyOperator, PullRequestState, WatchlistProvisioningState, JobProvisioningState) --- .../SecurityInsights/models.tsp | 55 +++++++++++++++++++ .../preview/2025-10-01-preview/openapi.json | 38 ++++++------- .../stable/2025-09-01/openapi.json | 20 +++---- 3 files changed, 84 insertions(+), 29 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 42554da30030..08fe398593d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -627,6 +627,18 @@ union kind { /** * Operator used for list of dependencies in criteria array. */ +#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" +@OpenAPI.extension( + "x-ms-enum", + #{ + name: "operator", + modelAsString: true, + values: #[ + #{ name: "AND", value: "AND", description: "AND" }, + #{ name: "OR", value: "OR", description: "OR" } + ] + } +) union MetadataDependencyOperator { string, @@ -1667,6 +1679,18 @@ union IncidentTaskStatus { /** * Status of the pull request. */ +#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" +@OpenAPI.extension( + "x-ms-enum", + #{ + name: "state", + modelAsString: true, + values: #[ + #{ name: "Open", value: "Open", description: "Open" }, + #{ name: "Closed", value: "Closed", description: "Closed" } + ] + } +) union PullRequestState { string, @@ -2067,6 +2091,23 @@ union TIObjectKind { /** * The provisioning state of the watchlist */ +#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" +@OpenAPI.extension( + "x-ms-enum", + #{ + name: "ProvisioningState", + modelAsString: true, + values: #[ + #{ name: "New", value: "New", description: "The New provisioning state." }, + #{ name: "InProgress", value: "InProgress", description: "The InProgress provisioning state." }, + #{ name: "Uploading", value: "Uploading", description: "The Uploading provisioning state." }, + #{ name: "Deleting", value: "Deleting", description: "The Deleting provisioning state." }, + #{ name: "Succeeded", value: "Succeeded", description: "The Succeeded provisioning state." }, + #{ name: "Failed", value: "Failed", description: "The Failed provisioning state." }, + #{ name: "Canceled", value: "Canceled", description: "The Canceled provisioning state." } + ] + } +) union WatchlistProvisioningState { string, @@ -2110,6 +2151,20 @@ union WatchlistProvisioningState { * The provisioning state of the workspace manager job */ @added(Versions.v2025_10_01_preview) +#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released preview x-ms-enum name for backward compatibility" +@OpenAPI.extension( + "x-ms-enum", + #{ + name: "provisioningState", + modelAsString: true, + values: #[ + #{ name: "Succeeded", value: "Succeeded", description: "The job succeeded" }, + #{ name: "Canceled", value: "Canceled", description: "The job was canceled" }, + #{ name: "InProgress", value: "InProgress", description: "The job is in progress" }, + #{ name: "Failed", value: "Failed", description: "The job failed" } + ] + } +) union JobProvisioningState { string, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index f27d20ce02f6..926b3ecd1cf7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -21797,28 +21797,28 @@ "Failed" ], "x-ms-enum": { - "name": "JobProvisioningState", + "name": "provisioningState", "modelAsString": true, "values": [ { "name": "Succeeded", "value": "Succeeded", - "description": "Succeeded" - }, - { - "name": "InProgress", - "value": "InProgress", - "description": "InProgress" + "description": "The job succeeded" }, { "name": "Canceled", "value": "Canceled", - "description": "Canceled" + "description": "The job was canceled" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "The job is in progress" }, { "name": "Failed", "value": "Failed", - "description": "Failed" + "description": "The job failed" } ] } @@ -22849,7 +22849,7 @@ "OR" ], "x-ms-enum": { - "name": "MetadataDependencyOperator", + "name": "operator", "modelAsString": true, "values": [ { @@ -24913,7 +24913,7 @@ "Closed" ], "x-ms-enum": { - "name": "PullRequestState", + "name": "state", "modelAsString": true, "values": [ { @@ -29582,43 +29582,43 @@ "Canceled" ], "x-ms-enum": { - "name": "WatchlistProvisioningState", + "name": "ProvisioningState", "modelAsString": true, "values": [ { "name": "New", "value": "New", - "description": "New" + "description": "The New provisioning state." }, { "name": "InProgress", "value": "InProgress", - "description": "InProgress" + "description": "The InProgress provisioning state." }, { "name": "Uploading", "value": "Uploading", - "description": "Uploading" + "description": "The Uploading provisioning state." }, { "name": "Deleting", "value": "Deleting", - "description": "Deleting" + "description": "The Deleting provisioning state." }, { "name": "Succeeded", "value": "Succeeded", - "description": "Succeeded" + "description": "The Succeeded provisioning state." }, { "name": "Failed", "value": "Failed", - "description": "Failed" + "description": "The Failed provisioning state." }, { "name": "Canceled", "value": "Canceled", - "description": "Canceled" + "description": "The Canceled provisioning state." } ] } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 6fdd80fd784a..b1f7d4e08a66 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -12491,7 +12491,7 @@ "OR" ], "x-ms-enum": { - "name": "MetadataDependencyOperator", + "name": "operator", "modelAsString": true, "values": [ { @@ -13395,7 +13395,7 @@ "Closed" ], "x-ms-enum": { - "name": "PullRequestState", + "name": "state", "modelAsString": true, "values": [ { @@ -16467,43 +16467,43 @@ "Canceled" ], "x-ms-enum": { - "name": "WatchlistProvisioningState", + "name": "ProvisioningState", "modelAsString": true, "values": [ { "name": "New", "value": "New", - "description": "New" + "description": "The New provisioning state." }, { "name": "InProgress", "value": "InProgress", - "description": "InProgress" + "description": "The InProgress provisioning state." }, { "name": "Uploading", "value": "Uploading", - "description": "Uploading" + "description": "The Uploading provisioning state." }, { "name": "Deleting", "value": "Deleting", - "description": "Deleting" + "description": "The Deleting provisioning state." }, { "name": "Succeeded", "value": "Succeeded", - "description": "Succeeded" + "description": "The Succeeded provisioning state." }, { "name": "Failed", "value": "Failed", - "description": "Failed" + "description": "The Failed provisioning state." }, { "name": "Canceled", "value": "Canceled", - "description": "Canceled" + "description": "The Canceled provisioning state." } ] } From 3a227efa4f29f8ecf661d86f026e302744939944 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 21 Jun 2026 16:34:14 +0300 Subject: [PATCH 27/38] add readOnly to nextLink properties --- .../SecurityInsights/back-compatible.tsp | 18 +++++++ .../preview/2025-10-01-preview/openapi.json | 54 ++++++++++++------- .../stable/2025-09-01/openapi.json | 54 ++++++++++++------- 3 files changed, 90 insertions(+), 36 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp index 0995c9fd6a99..91ef7e7ee069 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/back-compatible.tsp @@ -718,6 +718,24 @@ using Microsoft.SecurityInsights; "productTemplateAdditionalProperties" ); @@visibility(RelationList.nextLink, Lifecycle.Read); +@@visibility(AlertRulesList.nextLink, Lifecycle.Read); +@@visibility(ActionsList.nextLink, Lifecycle.Read); +@@visibility(AlertRuleTemplatesList.nextLink, Lifecycle.Read); +@@visibility(BookmarkList.nextLink, Lifecycle.Read); +@@visibility(PackageList.nextLink, Lifecycle.Read); +@@visibility(ProductPackageList.nextLink, Lifecycle.Read); +@@visibility(ProductTemplateList.nextLink, Lifecycle.Read); +@@visibility(TemplateList.nextLink, Lifecycle.Read); +@@visibility(DataConnectorList.nextLink, Lifecycle.Read); +@@visibility(IncidentList.nextLink, Lifecycle.Read); +@@visibility(IncidentCommentList.nextLink, Lifecycle.Read); +@@visibility(MetadataList.nextLink, Lifecycle.Read); +@@visibility(SecurityMLAnalyticsSettingsList.nextLink, Lifecycle.Read); +@@visibility(RepoList.nextLink, Lifecycle.Read); +@@visibility(SourceControlList.nextLink, Lifecycle.Read); +@@visibility(ThreatIntelligenceInformationList.nextLink, Lifecycle.Read); +@@visibility(WatchlistList.nextLink, Lifecycle.Read); +@@visibility(WatchlistItemList.nextLink, Lifecycle.Read); @@clientName( ThreatIntelligenceIndicatorOperationGroup.queryIndicators::parameters.body, "ThreatIntelligenceFilteringCriteria" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 926b3ecd1cf7..0789a75e60bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -12071,7 +12071,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -12672,7 +12673,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -12693,7 +12695,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -14548,7 +14551,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -16479,7 +16483,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -20534,7 +20539,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -20707,7 +20713,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -22879,7 +22886,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -25669,7 +25677,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -27036,7 +27045,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -27383,7 +27393,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -28545,7 +28556,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -29385,7 +29397,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -29455,7 +29468,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -30675,7 +30689,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -30772,7 +30787,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -30949,7 +30965,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -31234,7 +31251,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index b1f7d4e08a66..af1c946bc07b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -6548,7 +6548,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -6853,7 +6854,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -6874,7 +6876,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -8318,7 +8321,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -9342,7 +9346,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -11005,7 +11010,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -11178,7 +11184,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -12521,7 +12528,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -13739,7 +13747,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -14915,7 +14924,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -15118,7 +15128,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -15820,7 +15831,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -16270,7 +16282,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -16340,7 +16353,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -17204,7 +17218,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -17301,7 +17316,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -17478,7 +17494,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ @@ -17763,7 +17780,8 @@ "nextLink": { "type": "string", "format": "uri", - "description": "The link to the next page of items" + "description": "The link to the next page of items", + "readOnly": true } }, "required": [ From 0bd9522dcbc3847cb3f306766c231d079fef3c93 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 22 Jun 2026 12:08:26 +0300 Subject: [PATCH 28/38] restore package base props to PackageBaseProperties --- .../SecurityInsights/models.tsp | 38 +++------ .../preview/2025-10-01-preview/openapi.json | 78 ++++++++++--------- .../stable/2025-09-01/openapi.json | 78 ++++++++++--------- 3 files changed, 89 insertions(+), 105 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 08fe398593d6..78f71bd0b2ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4516,14 +4516,19 @@ model PackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model PackageProperties extends PackageBaseProperties { /** - * The content id of the package + * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ - contentId: string; + contentProductId: string; +} +/** + * Describes package properties + */ +model PackageBaseProperties { /** - * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package + * The content id of the package */ - contentProductId: string; + contentId: string; /** * The package kind @@ -4539,12 +4544,7 @@ model PackageProperties extends PackageBaseProperties { * The display name of the package */ displayName: string; -} -/** - * Describes package properties - */ -model PackageBaseProperties { /** * The version of the content schema. */ @@ -4764,26 +4764,6 @@ model ProductPackageList is Azure.Core.Page; model ProductPackageProperties { ...PackageBaseProperties; - /** - * The content id of the package - */ - contentId: string; - - /** - * The package kind - */ - contentKind: packageKind; - - /** - * the latest version number of the package - */ - version: string; - - /** - * The display name of the package - */ - displayName: string; - /** * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 0789a75e60bc..a9b282cda41a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -30566,6 +30566,22 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30649,7 +30665,13 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" } - } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ] }, "packageKind": { "type": "string", @@ -30721,33 +30743,13 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" } }, "required": [ - "contentId", - "contentProductId", - "contentKind", - "version", - "displayName" + "contentProductId" ], "allOf": [ { @@ -30819,6 +30821,22 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30902,22 +30920,6 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index af1c946bc07b..e2403f4e3445 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -17095,6 +17095,22 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17178,7 +17194,13 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" } - } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ] }, "packageKind": { "type": "string", @@ -17250,33 +17272,13 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" } }, "required": [ - "contentId", - "contentProductId", - "contentKind", - "version", - "displayName" + "contentProductId" ], "allOf": [ { @@ -17348,6 +17350,22 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17431,22 +17449,6 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" From 2a1c198d86be15d1fd3a8b58751874aa94ca4108 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 22 Jun 2026 13:43:37 +0300 Subject: [PATCH 29/38] Revert "restore package base props to PackageBaseProperties" --- .../SecurityInsights/models.tsp | 38 ++++++--- .../preview/2025-10-01-preview/openapi.json | 78 +++++++++---------- .../stable/2025-09-01/openapi.json | 78 +++++++++---------- 3 files changed, 105 insertions(+), 89 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 78f71bd0b2ef..08fe398593d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4516,19 +4516,14 @@ model PackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model PackageProperties extends PackageBaseProperties { /** - * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package + * The content id of the package */ - contentProductId: string; -} + contentId: string; -/** - * Describes package properties - */ -model PackageBaseProperties { /** - * The content id of the package + * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ - contentId: string; + contentProductId: string; /** * The package kind @@ -4544,7 +4539,12 @@ model PackageBaseProperties { * The display name of the package */ displayName: string; +} +/** + * Describes package properties + */ +model PackageBaseProperties { /** * The version of the content schema. */ @@ -4764,6 +4764,26 @@ model ProductPackageList is Azure.Core.Page; model ProductPackageProperties { ...PackageBaseProperties; + /** + * The content id of the package + */ + contentId: string; + + /** + * The package kind + */ + contentKind: packageKind; + + /** + * the latest version number of the package + */ + version: string; + + /** + * The display name of the package + */ + displayName: string; + /** * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index a9b282cda41a..0789a75e60bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -30566,22 +30566,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30665,13 +30649,7 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" } - }, - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ] + } }, "packageKind": { "type": "string", @@ -30743,13 +30721,33 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" } }, "required": [ - "contentProductId" + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" ], "allOf": [ { @@ -30821,22 +30819,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30920,6 +30902,22 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index e2403f4e3445..af1c946bc07b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -17095,22 +17095,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17194,13 +17178,7 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" } - }, - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ] + } }, "packageKind": { "type": "string", @@ -17272,13 +17250,33 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" } }, "required": [ - "contentProductId" + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" ], "allOf": [ { @@ -17350,22 +17348,6 @@ "type": "object", "description": "Describes package properties", "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17449,6 +17431,22 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "contentProductId": { "type": "string", "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" From b03a0c527dc165e02952907e5caced173df31964 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 22 Jun 2026 14:27:11 +0300 Subject: [PATCH 30/38] rename metadataDependencies kind enum to metadataKind --- .../SecurityInsights/models.tsp | 2 + .../preview/2025-10-01-preview/openapi.json | 154 +++++++++--------- .../stable/2025-09-01/openapi.json | 154 +++++++++--------- 3 files changed, 156 insertions(+), 154 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 08fe398593d6..905ebc861a0f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -509,6 +509,8 @@ union supportTier { /** * The kind of content the metadata is for. */ +#suppress "@azure-tools/typespec-azure-core/friendly-name" "Used to keep the generated definition name (metadataKind) distinct from the property name while preserving the original x-ms-enum name 'kind'." +@friendlyName("metadataKind") union kind { string, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 0789a75e60bc..d8a11f7a13c7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -30044,7 +30044,81 @@ } } }, - "kind": { + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "metadataKind": { "type": "string", "description": "The kind of content the metadata is for.", "enum": [ @@ -30188,80 +30262,6 @@ ] } }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "type": "string", - "description": "Name of the author. Company or person." - }, - "email": { - "type": "string", - "description": "Email of author contact" - }, - "link": { - "type": "string", - "description": "Link for author/vendor page" - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "type": "array", - "description": "domain for the solution content item", - "items": { - "type": "string" - } - }, - "verticals": { - "type": "array", - "description": "Industry verticals for the solution content item", - "items": { - "type": "string" - } - } - } - }, - "metadataDependencies": { - "type": "object", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "properties": { - "contentId": { - "type": "string", - "description": "Id of the content item we depend on" - }, - "kind": { - "$ref": "#/definitions/kind", - "description": "Type of the content item we depend on" - }, - "version": { - "type": "string", - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." - }, - "name": { - "type": "string", - "description": "Name of the content item" - }, - "operator": { - "$ref": "#/definitions/MetadataDependencyOperator", - "description": "Operator used for list of dependencies in criteria array." - }, - "criteria": { - "type": "array", - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "items": { - "$ref": "#/definitions/metadataDependencies" - }, - "x-ms-identifiers": [ - "contentId" - ] - } - } - }, "metadataPatch": { "type": "object", "description": "Metadata patch request body.", @@ -31107,7 +31107,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/metadataKind", "description": "The kind of content the template is for." }, "source": { @@ -31404,7 +31404,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/metadataKind", "description": "The kind of content the template is for." }, "source": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index af1c946bc07b..04723c9c5a98 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -16615,7 +16615,81 @@ ] } }, - "kind": { + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "metadataKind": { "type": "string", "description": "The kind of content the metadata is for.", "enum": [ @@ -16753,80 +16827,6 @@ ] } }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "type": "string", - "description": "Name of the author. Company or person." - }, - "email": { - "type": "string", - "description": "Email of author contact" - }, - "link": { - "type": "string", - "description": "Link for author/vendor page" - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "type": "array", - "description": "domain for the solution content item", - "items": { - "type": "string" - } - }, - "verticals": { - "type": "array", - "description": "Industry verticals for the solution content item", - "items": { - "type": "string" - } - } - } - }, - "metadataDependencies": { - "type": "object", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "properties": { - "contentId": { - "type": "string", - "description": "Id of the content item we depend on" - }, - "kind": { - "$ref": "#/definitions/kind", - "description": "Type of the content item we depend on" - }, - "version": { - "type": "string", - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." - }, - "name": { - "type": "string", - "description": "Name of the content item" - }, - "operator": { - "$ref": "#/definitions/MetadataDependencyOperator", - "description": "Operator used for list of dependencies in criteria array." - }, - "criteria": { - "type": "array", - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "items": { - "$ref": "#/definitions/metadataDependencies" - }, - "x-ms-identifiers": [ - "contentId" - ] - } - } - }, "metadataPatch": { "type": "object", "description": "Metadata patch request body.", @@ -17636,7 +17636,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/metadataKind", "description": "The kind of content the template is for." }, "source": { @@ -17933,7 +17933,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/metadataKind", "description": "The kind of content the template is for." }, "source": { From 88dd614abc150cb117c4131848f83764cc530c75 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 22 Jun 2026 14:50:37 +0300 Subject: [PATCH 31/38] revert metadataKind rename --- .../SecurityInsights/models.tsp | 2 - .../preview/2025-10-01-preview/openapi.json | 154 +++++++++--------- .../stable/2025-09-01/openapi.json | 154 +++++++++--------- 3 files changed, 154 insertions(+), 156 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 905ebc861a0f..08fe398593d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -509,8 +509,6 @@ union supportTier { /** * The kind of content the metadata is for. */ -#suppress "@azure-tools/typespec-azure-core/friendly-name" "Used to keep the generated definition name (metadataKind) distinct from the property name while preserving the original x-ms-enum name 'kind'." -@friendlyName("metadataKind") union kind { string, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index d8a11f7a13c7..0789a75e60bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -30044,81 +30044,7 @@ } } }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "type": "string", - "description": "Name of the author. Company or person." - }, - "email": { - "type": "string", - "description": "Email of author contact" - }, - "link": { - "type": "string", - "description": "Link for author/vendor page" - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "type": "array", - "description": "domain for the solution content item", - "items": { - "type": "string" - } - }, - "verticals": { - "type": "array", - "description": "Industry verticals for the solution content item", - "items": { - "type": "string" - } - } - } - }, - "metadataDependencies": { - "type": "object", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "properties": { - "contentId": { - "type": "string", - "description": "Id of the content item we depend on" - }, - "kind": { - "$ref": "#/definitions/metadataKind", - "description": "Type of the content item we depend on" - }, - "version": { - "type": "string", - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." - }, - "name": { - "type": "string", - "description": "Name of the content item" - }, - "operator": { - "$ref": "#/definitions/MetadataDependencyOperator", - "description": "Operator used for list of dependencies in criteria array." - }, - "criteria": { - "type": "array", - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "items": { - "$ref": "#/definitions/metadataDependencies" - }, - "x-ms-identifiers": [ - "contentId" - ] - } - } - }, - "metadataKind": { + "kind": { "type": "string", "description": "The kind of content the metadata is for.", "enum": [ @@ -30262,6 +30188,80 @@ ] } }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/kind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, "metadataPatch": { "type": "object", "description": "Metadata patch request body.", @@ -31107,7 +31107,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/metadataKind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -31404,7 +31404,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/metadataKind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 04723c9c5a98..af1c946bc07b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -16615,81 +16615,7 @@ ] } }, - "metadataAuthor": { - "type": "object", - "description": "Publisher or creator of the content item.", - "properties": { - "name": { - "type": "string", - "description": "Name of the author. Company or person." - }, - "email": { - "type": "string", - "description": "Email of author contact" - }, - "link": { - "type": "string", - "description": "Link for author/vendor page" - } - } - }, - "metadataCategories": { - "type": "object", - "description": "ies for the solution content item", - "properties": { - "domains": { - "type": "array", - "description": "domain for the solution content item", - "items": { - "type": "string" - } - }, - "verticals": { - "type": "array", - "description": "Industry verticals for the solution content item", - "items": { - "type": "string" - } - } - } - }, - "metadataDependencies": { - "type": "object", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "properties": { - "contentId": { - "type": "string", - "description": "Id of the content item we depend on" - }, - "kind": { - "$ref": "#/definitions/metadataKind", - "description": "Type of the content item we depend on" - }, - "version": { - "type": "string", - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." - }, - "name": { - "type": "string", - "description": "Name of the content item" - }, - "operator": { - "$ref": "#/definitions/MetadataDependencyOperator", - "description": "Operator used for list of dependencies in criteria array." - }, - "criteria": { - "type": "array", - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "items": { - "$ref": "#/definitions/metadataDependencies" - }, - "x-ms-identifiers": [ - "contentId" - ] - } - } - }, - "metadataKind": { + "kind": { "type": "string", "description": "The kind of content the metadata is for.", "enum": [ @@ -16827,6 +16753,80 @@ ] } }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "type": "string", + "description": "Name of the author. Company or person." + }, + "email": { + "type": "string", + "description": "Email of author contact" + }, + "link": { + "type": "string", + "description": "Link for author/vendor page" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "type": "array", + "description": "domain for the solution content item", + "items": { + "type": "string" + } + }, + "verticals": { + "type": "array", + "description": "Industry verticals for the solution content item", + "items": { + "type": "string" + } + } + } + }, + "metadataDependencies": { + "type": "object", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "properties": { + "contentId": { + "type": "string", + "description": "Id of the content item we depend on" + }, + "kind": { + "$ref": "#/definitions/kind", + "description": "Type of the content item we depend on" + }, + "version": { + "type": "string", + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required." + }, + "name": { + "type": "string", + "description": "Name of the content item" + }, + "operator": { + "$ref": "#/definitions/MetadataDependencyOperator", + "description": "Operator used for list of dependencies in criteria array." + }, + "criteria": { + "type": "array", + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "items": { + "$ref": "#/definitions/metadataDependencies" + }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, "metadataPatch": { "type": "object", "description": "Metadata patch request body.", @@ -17636,7 +17636,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/metadataKind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { @@ -17933,7 +17933,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/metadataKind", + "$ref": "#/definitions/kind", "description": "The kind of content the template is for." }, "source": { From 436da141f76d899a2fffc1f7fe5136bc1a69aaa4 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Sun, 28 Jun 2026 20:20:52 +0300 Subject: [PATCH 32/38] revert required status changes for Package/Template --- .../SecurityInsights/models.tsp | 135 +++------ .../preview/2025-10-01-preview/openapi.json | 278 +++++++++--------- .../stable/2025-09-01/openapi.json | 278 +++++++++--------- 3 files changed, 313 insertions(+), 378 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 08fe398593d6..a4e1f2a23043 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -4514,37 +4514,27 @@ model PackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" #suppress "@azure-tools/typespec-azure-resource-manager/no-empty-model" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -model PackageProperties extends PackageBaseProperties { +model PackageProperties extends PackageBaseProperties {} + +/** + * Describes package properties + */ +model PackageBaseProperties { /** * The content id of the package */ - contentId: string; + contentId?: string; /** * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package */ - contentProductId: string; + contentProductId?: string; /** * The package kind */ - contentKind: packageKind; - - /** - * the latest version number of the package - */ - version: string; - - /** - * The display name of the package - */ - displayName: string; -} + contentKind?: packageKind; -/** - * Describes package properties - */ -model PackageBaseProperties { /** * The version of the content schema. */ @@ -4570,6 +4560,16 @@ model PackageBaseProperties { */ isDeprecated?: Flag; + /** + * the latest version number of the package + */ + version?: string; + + /** + * The display name of the package + */ + displayName?: string; + /** * The description of the package */ @@ -4763,32 +4763,6 @@ model ProductPackageList is Azure.Core.Page; #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model ProductPackageProperties { ...PackageBaseProperties; - - /** - * The content id of the package - */ - contentId: string; - - /** - * The package kind - */ - contentKind: packageKind; - - /** - * the latest version number of the package - */ - version: string; - - /** - * The display name of the package - */ - displayName: string; - - /** - * Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package - */ - contentProductId?: string; - ...ProductPackageAdditionalProperties; } @@ -4825,11 +4799,16 @@ model ProductTemplateList is Azure.Core.Page; model ProductTemplateProperties { ...TemplateBaseProperties; ...ProductTemplateAdditionalProperties; +} - /** +/** + * Template property bag. + */ +model TemplateBaseProperties { + /** * Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name */ - contentId: string; + contentId?: string; /** * Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template @@ -4844,33 +4823,23 @@ model ProductTemplateProperties { /** * Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks */ - version: string; + version?: string; /** * The display name of the template */ - displayName: string; + displayName?: string; /** * The kind of content the template is for. */ - contentKind: kind; + contentKind?: kind; /** * Source of the content. This is where/how it was created. */ - source: MetadataSource; - - /** - * the package Id contains this template - */ - packageId?: string; -} + source?: MetadataSource; -/** - * Template property bag. - */ -model TemplateBaseProperties { /** * The creator of the content item. */ @@ -4941,6 +4910,11 @@ model TemplateBaseProperties { */ previewImagesDark?: string[]; + /** + * the package Id contains this template + */ + packageId?: string; + /** * the packageKind of the package contains this template */ @@ -4981,45 +4955,6 @@ model TemplateList is Azure.Core.Page; model TemplateProperties { ...TemplateBaseProperties; ...TemplateAdditionalProperties; - /** - * Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name - */ - contentId: string; - - /** - * Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template - */ - contentProductId: string; - - /** - * Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks - */ - packageVersion: string; - - /** - * Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks - */ - version: string; - - /** - * The display name of the template - */ - displayName: string; - - /** - * The kind of content the template is for. - */ - contentKind: kind; - - /** - * Source of the content. This is where/how it was created. - */ - source: MetadataSource; - - /** - * the package Id contains this template - */ - packageId: string; } /** diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 0789a75e60bc..6ee8bf779f2e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -27944,6 +27944,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -28017,6 +28045,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -30566,6 +30598,18 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30586,6 +30630,14 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "description": { "type": "string", "description": "The description of the package" @@ -30720,35 +30772,6 @@ "packageProperties": { "type": "object", "description": "Describes package properties", - "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - } - }, - "required": [ - "contentId", - "contentProductId", - "contentKind", - "version", - "displayName" - ], "allOf": [ { "$ref": "#/definitions/packageBaseProperties" @@ -30819,6 +30842,18 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -30839,6 +30874,14 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "description": { "type": "string", "description": "The description of the package" @@ -30902,26 +30945,6 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, "installedVersion": { "type": "string", "description": "The version of the installed package, null or absent means not installed." @@ -30934,13 +30957,7 @@ "packagedContent": { "description": "The json of the ARM template to deploy. Expandable." } - }, - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ] + } }, "productTemplateAdditionalProperties": { "type": "object", @@ -30997,6 +31014,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -31070,6 +31115,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -31085,47 +31134,8 @@ }, "packagedContent": { "description": "The json of the ARM template to deploy" - }, - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" } - }, - "required": [ - "contentId", - "version", - "displayName", - "contentKind", - "source" - ] + } }, "sourceKind": { "type": "string", @@ -31283,6 +31293,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -31356,6 +31394,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -31382,50 +31424,8 @@ "x-ms-identifiers": [ "contentId" ] - }, - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" } - }, - "required": [ - "contentId", - "contentProductId", - "packageVersion", - "version", - "displayName", - "contentKind", - "source", - "packageId" - ] + } }, "threatIntelligence": { "type": "object", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index af1c946bc07b..aa3bfd4484ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -15359,6 +15359,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -15432,6 +15460,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -17095,6 +17127,18 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17115,6 +17159,14 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "description": { "type": "string", "description": "The description of the package" @@ -17249,35 +17301,6 @@ "packageProperties": { "type": "object", "description": "Describes package properties", - "properties": { - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - } - }, - "required": [ - "contentId", - "contentProductId", - "contentKind", - "version", - "displayName" - ], "allOf": [ { "$ref": "#/definitions/packageBaseProperties" @@ -17348,6 +17371,18 @@ "type": "object", "description": "Describes package properties", "properties": { + "contentId": { + "type": "string", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/packageKind", + "description": "The package kind" + }, "contentSchemaVersion": { "type": "string", "description": "The version of the content schema." @@ -17368,6 +17403,14 @@ "$ref": "#/definitions/Flag", "description": "Flag indicates if this template is deprecated" }, + "version": { + "type": "string", + "description": "the latest version number of the package" + }, + "displayName": { + "type": "string", + "description": "The display name of the package" + }, "description": { "type": "string", "description": "The description of the package" @@ -17431,26 +17474,6 @@ "type": "string", "description": "the icon identifier. this id can later be fetched from the content metadata" }, - "contentId": { - "type": "string", - "description": "The content id of the package" - }, - "contentKind": { - "$ref": "#/definitions/packageKind", - "description": "The package kind" - }, - "version": { - "type": "string", - "description": "the latest version number of the package" - }, - "displayName": { - "type": "string", - "description": "The display name of the package" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" - }, "installedVersion": { "type": "string", "description": "The version of the installed package, null or absent means not installed." @@ -17463,13 +17486,7 @@ "packagedContent": { "description": "The json of the ARM template to deploy. Expandable." } - }, - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ] + } }, "productTemplateAdditionalProperties": { "type": "object", @@ -17526,6 +17543,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -17599,6 +17644,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -17614,47 +17663,8 @@ }, "packagedContent": { "description": "The json of the ARM template to deploy" - }, - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" } - }, - "required": [ - "contentId", - "version", - "displayName", - "contentKind", - "source" - ] + } }, "sourceKind": { "type": "string", @@ -17812,6 +17822,34 @@ "type": "object", "description": "Template property bag.", "properties": { + "contentId": { + "type": "string", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "type": "string", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "type": "string", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "type": "string", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/kind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, "author": { "$ref": "#/definitions/metadataAuthor", "description": "The creator of the content item." @@ -17885,6 +17923,10 @@ "type": "string" } }, + "packageId": { + "type": "string", + "description": "the package Id contains this template" + }, "packageKind": { "$ref": "#/definitions/packageKind", "description": "the packageKind of the package contains this template" @@ -17911,50 +17953,8 @@ "x-ms-identifiers": [ "contentId" ] - }, - "contentId": { - "type": "string", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "contentProductId": { - "type": "string", - "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" - }, - "packageVersion": { - "type": "string", - "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "version": { - "type": "string", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "type": "string", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "#/definitions/kind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "packageId": { - "type": "string", - "description": "the package Id contains this template" } - }, - "required": [ - "contentId", - "contentProductId", - "packageVersion", - "version", - "displayName", - "contentKind", - "source", - "packageId" - ] + } }, "threatIntelligence": { "type": "object", From f982b7d5d949ebb7043603f8eb27bf22e3f8b1a9 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 29 Jun 2026 15:04:47 +0300 Subject: [PATCH 33/38] fix typeSpec validation --- .../SecurityInsights/models.tsp | 72 ++++++++++++++----- 1 file changed, 56 insertions(+), 16 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index a4e1f2a23043..cfae8acbd3f7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -440,7 +440,7 @@ union packageKind { values: #[ #{ name: "true", value: "true", description: "true" }, #{ name: "false", value: "false", description: "false" } - ] + ], } ) union Flag { @@ -636,7 +636,7 @@ union kind { values: #[ #{ name: "AND", value: "AND", description: "AND" }, #{ name: "OR", value: "OR", description: "OR" } - ] + ], } ) union MetadataDependencyOperator { @@ -1688,7 +1688,7 @@ union IncidentTaskStatus { values: #[ #{ name: "Open", value: "Open", description: "Open" }, #{ name: "Closed", value: "Closed", description: "Closed" } - ] + ], } ) union PullRequestState { @@ -2098,14 +2098,42 @@ union TIObjectKind { name: "ProvisioningState", modelAsString: true, values: #[ - #{ name: "New", value: "New", description: "The New provisioning state." }, - #{ name: "InProgress", value: "InProgress", description: "The InProgress provisioning state." }, - #{ name: "Uploading", value: "Uploading", description: "The Uploading provisioning state." }, - #{ name: "Deleting", value: "Deleting", description: "The Deleting provisioning state." }, - #{ name: "Succeeded", value: "Succeeded", description: "The Succeeded provisioning state." }, - #{ name: "Failed", value: "Failed", description: "The Failed provisioning state." }, - #{ name: "Canceled", value: "Canceled", description: "The Canceled provisioning state." } - ] + #{ + name: "New", + value: "New", + description: "The New provisioning state.", + }, + #{ + name: "InProgress", + value: "InProgress", + description: "The InProgress provisioning state.", + }, + #{ + name: "Uploading", + value: "Uploading", + description: "The Uploading provisioning state.", + }, + #{ + name: "Deleting", + value: "Deleting", + description: "The Deleting provisioning state.", + }, + #{ + name: "Succeeded", + value: "Succeeded", + description: "The Succeeded provisioning state.", + }, + #{ + name: "Failed", + value: "Failed", + description: "The Failed provisioning state.", + }, + #{ + name: "Canceled", + value: "Canceled", + description: "The Canceled provisioning state.", + } + ], } ) union WatchlistProvisioningState { @@ -2150,19 +2178,31 @@ union WatchlistProvisioningState { /** * The provisioning state of the workspace manager job */ -@added(Versions.v2025_10_01_preview) #suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released preview x-ms-enum name for backward compatibility" +@added(Versions.v2025_10_01_preview) @OpenAPI.extension( "x-ms-enum", #{ name: "provisioningState", modelAsString: true, values: #[ - #{ name: "Succeeded", value: "Succeeded", description: "The job succeeded" }, - #{ name: "Canceled", value: "Canceled", description: "The job was canceled" }, - #{ name: "InProgress", value: "InProgress", description: "The job is in progress" }, + #{ + name: "Succeeded", + value: "Succeeded", + description: "The job succeeded", + }, + #{ + name: "Canceled", + value: "Canceled", + description: "The job was canceled", + }, + #{ + name: "InProgress", + value: "InProgress", + description: "The job is in progress", + }, #{ name: "Failed", value: "Failed", description: "The job failed" } - ] + ], } ) union JobProvisioningState { From 6ea8faee30ee79245210bc09eace549a6975cf18 Mon Sep 17 00:00:00 2001 From: AdiMegid Date: Mon, 29 Jun 2026 15:57:31 +0300 Subject: [PATCH 34/38] fix Java SDK build: remove ScheduledAlertRuleProperties required redeclarations --- .../SecurityInsights/models.tsp | 30 ----------------- .../preview/2025-10-01-preview/openapi.json | 33 ------------------- .../stable/2025-09-01/openapi.json | 33 ------------------- 3 files changed, 96 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index cfae8acbd3f7..8af54a4cb5b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -9798,36 +9798,6 @@ model MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties */ #suppress "@azure-tools/typespec-azure-core/composition-over-inheritance" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" model ScheduledAlertRuleProperties extends ScheduledAlertRuleCommonProperties { - /** - * The query that creates alerts for this rule. - */ - query: string; - - /** - * The frequency (in ISO 8601 duration format) for this alert rule to run. - */ - queryFrequency: duration; - - /** - * The period (in ISO 8601 duration format) that this alert rule looks at. - */ - queryPeriod: duration; - - /** - * The severity for alerts created by this alert rule. - */ - severity: AlertSeverity; - - /** - * The operation against the threshold that triggers alert rule. - */ - triggerOperator: TriggerOperator; - - /** - * The threshold triggers this alert rule. - */ - triggerThreshold: int32; - /** * The Name of the alert rule template used to create this rule. */ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 6ee8bf779f2e..706a85b79865 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -26427,33 +26427,6 @@ "type": "object", "description": "Scheduled alert rule base property bag.", "properties": { - "query": { - "type": "string", - "description": "The query that creates alerts for this rule." - }, - "queryFrequency": { - "type": "string", - "format": "duration", - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." - }, - "queryPeriod": { - "type": "string", - "format": "duration", - "description": "The period (in ISO 8601 duration format) that this alert rule looks at." - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/TriggerOperator", - "description": "The operation against the threshold that triggers alert rule." - }, - "triggerThreshold": { - "type": "integer", - "format": "int32", - "description": "The threshold triggers this alert rule." - }, "alertRuleTemplateName": { "type": "string", "description": "The Name of the alert rule template used to create this rule." @@ -26516,12 +26489,6 @@ } }, "required": [ - "query", - "queryFrequency", - "queryPeriod", - "severity", - "triggerOperator", - "triggerThreshold", "displayName", "enabled", "suppressionDuration", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index aa3bfd4484ae..6e125d44518a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -14399,33 +14399,6 @@ "type": "object", "description": "Scheduled alert rule base property bag.", "properties": { - "query": { - "type": "string", - "description": "The query that creates alerts for this rule." - }, - "queryFrequency": { - "type": "string", - "format": "duration", - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." - }, - "queryPeriod": { - "type": "string", - "format": "duration", - "description": "The period (in ISO 8601 duration format) that this alert rule looks at." - }, - "severity": { - "$ref": "#/definitions/AlertSeverity", - "description": "The severity for alerts created by this alert rule." - }, - "triggerOperator": { - "$ref": "#/definitions/TriggerOperator", - "description": "The operation against the threshold that triggers alert rule." - }, - "triggerThreshold": { - "type": "integer", - "format": "int32", - "description": "The threshold triggers this alert rule." - }, "alertRuleTemplateName": { "type": "string", "description": "The Name of the alert rule template used to create this rule." @@ -14481,12 +14454,6 @@ } }, "required": [ - "query", - "queryFrequency", - "queryPeriod", - "severity", - "triggerOperator", - "triggerThreshold", "displayName", "enabled", "suppressionDuration", From dd8c91efa3f2ed42ba01ad48e3c797fc73abb3c0 Mon Sep 17 00:00:00 2001 From: Guy Wilf Shukrun Date: Mon, 6 Jul 2026 09:10:47 +0300 Subject: [PATCH 35/38] Remove redundant supressions --- .../SecurityInsights/models.tsp | 107 ------------------ .../preview/2025-10-01-preview/openapi.json | 40 +++---- .../stable/2025-09-01/openapi.json | 58 ++++++++-- 3 files changed, 67 insertions(+), 138 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 8af54a4cb5b5..8b1f7241c44b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -432,17 +432,6 @@ union packageKind { * The boolean value the metadata is for. */ #suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" -@OpenAPI.extension( - "x-ms-enum", - #{ - name: "flag", - modelAsString: true, - values: #[ - #{ name: "true", value: "true", description: "true" }, - #{ name: "false", value: "false", description: "false" } - ], - } -) union Flag { string, @@ -627,18 +616,6 @@ union kind { /** * Operator used for list of dependencies in criteria array. */ -#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" -@OpenAPI.extension( - "x-ms-enum", - #{ - name: "operator", - modelAsString: true, - values: #[ - #{ name: "AND", value: "AND", description: "AND" }, - #{ name: "OR", value: "OR", description: "OR" } - ], - } -) union MetadataDependencyOperator { string, @@ -1679,18 +1656,6 @@ union IncidentTaskStatus { /** * Status of the pull request. */ -#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" -@OpenAPI.extension( - "x-ms-enum", - #{ - name: "state", - modelAsString: true, - values: #[ - #{ name: "Open", value: "Open", description: "Open" }, - #{ name: "Closed", value: "Closed", description: "Closed" } - ], - } -) union PullRequestState { string, @@ -2091,51 +2056,6 @@ union TIObjectKind { /** * The provisioning state of the watchlist */ -#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" -@OpenAPI.extension( - "x-ms-enum", - #{ - name: "ProvisioningState", - modelAsString: true, - values: #[ - #{ - name: "New", - value: "New", - description: "The New provisioning state.", - }, - #{ - name: "InProgress", - value: "InProgress", - description: "The InProgress provisioning state.", - }, - #{ - name: "Uploading", - value: "Uploading", - description: "The Uploading provisioning state.", - }, - #{ - name: "Deleting", - value: "Deleting", - description: "The Deleting provisioning state.", - }, - #{ - name: "Succeeded", - value: "Succeeded", - description: "The Succeeded provisioning state.", - }, - #{ - name: "Failed", - value: "Failed", - description: "The Failed provisioning state.", - }, - #{ - name: "Canceled", - value: "Canceled", - description: "The Canceled provisioning state.", - } - ], - } -) union WatchlistProvisioningState { string, @@ -2178,33 +2098,6 @@ union WatchlistProvisioningState { /** * The provisioning state of the workspace manager job */ -#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released preview x-ms-enum name for backward compatibility" -@added(Versions.v2025_10_01_preview) -@OpenAPI.extension( - "x-ms-enum", - #{ - name: "provisioningState", - modelAsString: true, - values: #[ - #{ - name: "Succeeded", - value: "Succeeded", - description: "The job succeeded", - }, - #{ - name: "Canceled", - value: "Canceled", - description: "The job was canceled", - }, - #{ - name: "InProgress", - value: "InProgress", - description: "The job is in progress", - }, - #{ name: "Failed", value: "Failed", description: "The job failed" } - ], - } -) union JobProvisioningState { string, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 706a85b79865..9dcff13fdf04 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -19033,7 +19033,7 @@ "false" ], "x-ms-enum": { - "name": "flag", + "name": "Flag", "modelAsString": true, "values": [ { @@ -21804,28 +21804,28 @@ "Failed" ], "x-ms-enum": { - "name": "provisioningState", + "name": "JobProvisioningState", "modelAsString": true, "values": [ { "name": "Succeeded", "value": "Succeeded", - "description": "The job succeeded" - }, - { - "name": "Canceled", - "value": "Canceled", - "description": "The job was canceled" + "description": "Succeeded" }, { "name": "InProgress", "value": "InProgress", - "description": "The job is in progress" + "description": "InProgress" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" }, { "name": "Failed", "value": "Failed", - "description": "The job failed" + "description": "Failed" } ] } @@ -22856,7 +22856,7 @@ "OR" ], "x-ms-enum": { - "name": "operator", + "name": "MetadataDependencyOperator", "modelAsString": true, "values": [ { @@ -24921,7 +24921,7 @@ "Closed" ], "x-ms-enum": { - "name": "state", + "name": "PullRequestState", "modelAsString": true, "values": [ { @@ -29595,43 +29595,43 @@ "Canceled" ], "x-ms-enum": { - "name": "ProvisioningState", + "name": "WatchlistProvisioningState", "modelAsString": true, "values": [ { "name": "New", "value": "New", - "description": "The New provisioning state." + "description": "New" }, { "name": "InProgress", "value": "InProgress", - "description": "The InProgress provisioning state." + "description": "InProgress" }, { "name": "Uploading", "value": "Uploading", - "description": "The Uploading provisioning state." + "description": "Uploading" }, { "name": "Deleting", "value": "Deleting", - "description": "The Deleting provisioning state." + "description": "Deleting" }, { "name": "Succeeded", "value": "Succeeded", - "description": "The Succeeded provisioning state." + "description": "Succeeded" }, { "name": "Failed", "value": "Failed", - "description": "The Failed provisioning state." + "description": "Failed" }, { "name": "Canceled", "value": "Canceled", - "description": "The Canceled provisioning state." + "description": "Canceled" } ] } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 6e125d44518a..57e4650262a1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -10287,7 +10287,7 @@ "false" ], "x-ms-enum": { - "name": "flag", + "name": "Flag", "modelAsString": true, "values": [ { @@ -11762,6 +11762,42 @@ } ] }, + "JobProvisioningState": { + "type": "string", + "description": "The provisioning state of the workspace manager job", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "x-ms-enum": { + "name": "JobProvisioningState", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "InProgress", + "value": "InProgress", + "description": "InProgress" + }, + { + "name": "Canceled", + "value": "Canceled", + "description": "Canceled" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, "JwtAuthModel": { "type": "object", "description": "Model for API authentication with JWT. Simple exchange between user name + password to access token.", @@ -12498,7 +12534,7 @@ "OR" ], "x-ms-enum": { - "name": "operator", + "name": "MetadataDependencyOperator", "modelAsString": true, "values": [ { @@ -13403,7 +13439,7 @@ "Closed" ], "x-ms-enum": { - "name": "state", + "name": "PullRequestState", "modelAsString": true, "values": [ { @@ -16480,43 +16516,43 @@ "Canceled" ], "x-ms-enum": { - "name": "ProvisioningState", + "name": "WatchlistProvisioningState", "modelAsString": true, "values": [ { "name": "New", "value": "New", - "description": "The New provisioning state." + "description": "New" }, { "name": "InProgress", "value": "InProgress", - "description": "The InProgress provisioning state." + "description": "InProgress" }, { "name": "Uploading", "value": "Uploading", - "description": "The Uploading provisioning state." + "description": "Uploading" }, { "name": "Deleting", "value": "Deleting", - "description": "The Deleting provisioning state." + "description": "Deleting" }, { "name": "Succeeded", "value": "Succeeded", - "description": "The Succeeded provisioning state." + "description": "Succeeded" }, { "name": "Failed", "value": "Failed", - "description": "The Failed provisioning state." + "description": "Failed" }, { "name": "Canceled", "value": "Canceled", - "description": "The Canceled provisioning state." + "description": "Canceled" } ] } From 527a9cb980b7ad7adfd250f0d98a78a7a32dbc0f Mon Sep 17 00:00:00 2001 From: Guy Wilf Shukrun Date: Mon, 6 Jul 2026 09:12:34 +0300 Subject: [PATCH 36/38] remove supress --- .../Microsoft.SecurityInsights/SecurityInsights/models.tsp | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 8b1f7241c44b..bddd3f98c6c9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -431,7 +431,6 @@ union packageKind { /** * The boolean value the metadata is for. */ -#suppress "@azure-tools/typespec-azure-core/no-openapi" "Preserve released stable 2025-09-01 x-ms-enum name for backward compatibility" union Flag { string, From a09c389fa14855775ba552a681c151a3f328e88c Mon Sep 17 00:00:00 2001 From: Guy Wilf Shukrun Date: Mon, 6 Jul 2026 11:12:33 +0300 Subject: [PATCH 37/38] revert camelcase to pascalcase --- .../SecurityInsights/models.tsp | 22 +- .../preview/2025-10-01-preview/openapi.json | 321 +++++++++--------- .../stable/2025-09-01/openapi.json | 318 ++++++++--------- 3 files changed, 330 insertions(+), 331 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index bddd3f98c6c9..3b00c2d158bf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -414,7 +414,7 @@ union EntityKindEnum { /** * The package kind */ -union packageKind { +union PackageKind { string, /** @@ -448,7 +448,7 @@ union Flag { /** * Source type of the content */ -union sourceKind { +union SourceKind { string, /** @@ -475,7 +475,7 @@ union sourceKind { /** * Type of support for content item */ -union supportTier { +union SupportTier { string, /** @@ -2157,7 +2157,7 @@ union ProvisioningState { /** * The sourceType of the watchlist */ -union sourceType { +union SourceType { string, /** @@ -3063,7 +3063,7 @@ union CcpAuthType { /** * The HTTP method, default value GET. */ -union httpMethodVerb { +union HttpMethodVerb { string, /** @@ -4465,7 +4465,7 @@ model PackageBaseProperties { /** * The package kind */ - contentKind?: packageKind; + contentKind?: PackageKind; /** * The version of the content schema. @@ -4575,7 +4575,7 @@ model MetadataSource { /** * Source type of the content */ - kind: sourceKind; + kind: SourceKind; /** * Name of the content source. The repo name, solution name, LA workspace name etc. @@ -4615,7 +4615,7 @@ model MetadataSupport { /** * Type of support for content item */ - tier: supportTier; + tier: SupportTier; /** * Name of the support contact. Company or person. @@ -4850,7 +4850,7 @@ model TemplateBaseProperties { /** * the packageKind of the package contains this template */ - packageKind?: packageKind; + packageKind?: PackageKind; /** * the name of the package contains this template @@ -8427,7 +8427,7 @@ model WatchlistProperties { /** * The sourceType of the watchlist */ - sourceType?: sourceType; + sourceType?: SourceType; /** * The time the watchlist was created @@ -11728,7 +11728,7 @@ model RestApiPollerRequestConfig { /** * The HTTP method, default value GET. */ - httpMethod?: httpMethodVerb; + httpMethod?: HttpMethodVerb; /** * The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate what is the expected time format the remote server know to parse. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 9dcff13fdf04..47ba20c5937a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -919,8 +919,7 @@ } }, "x-ms-long-running-operation-options": { - "final-state-via": "location", - "final-state-schema": "#/definitions/AlertRule" + "final-state-via": "location" }, "x-ms-long-running-operation": true } @@ -19865,6 +19864,42 @@ } ] }, + "HttpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "HttpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, "Hunt": { "type": "object", "description": "Represents a Hunt in Azure Security Insights.", @@ -24452,6 +24487,30 @@ ] } }, + "PackageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "PackageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, "PermissionProviderScope": { "type": "string", "description": "Permission provider scope", @@ -26026,7 +26085,7 @@ "x-nullable": true }, "httpMethod": { - "$ref": "#/definitions/httpMethodVerb", + "$ref": "#/definitions/HttpMethodVerb", "description": "The HTTP method, default value GET." }, "queryTimeFormat": { @@ -27444,6 +27503,66 @@ "repository" ] }, + "SourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "SourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "SourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "SourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, "State": { "type": "string", "description": "State of recommendation.", @@ -27626,6 +27745,36 @@ } ] }, + "SupportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "SupportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, "TICheckRequirements": { "type": "object", "description": "Threat Intelligence Platforms data connector check requirements", @@ -28017,7 +28166,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -29496,7 +29645,7 @@ "description": "The filename of the watchlist, called 'source'" }, "sourceType": { - "$ref": "#/definitions/sourceType", + "$ref": "#/definitions/SourceType", "description": "The sourceType of the watchlist" }, "created": { @@ -29978,42 +30127,6 @@ "errorMessage" ] }, - "httpMethodVerb": { - "type": "string", - "description": "The HTTP method, default value GET.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE" - ], - "x-ms-enum": { - "name": "httpMethodVerb", - "modelAsString": true, - "values": [ - { - "name": "GET", - "value": "GET", - "description": "GET" - }, - { - "name": "POST", - "value": "POST", - "description": "POST" - }, - { - "name": "PUT", - "value": "PUT", - "description": "PUT" - }, - { - "name": "DELETE", - "value": "DELETE", - "description": "DELETE" - } - ] - } - }, "jobItem": { "type": "object", "description": "An entity describing the publish status of a content item.", @@ -30484,7 +30597,7 @@ "description": "The original source of the content item, where it comes from.", "properties": { "kind": { - "$ref": "#/definitions/sourceKind", + "$ref": "#/definitions/SourceKind", "description": "Source type of the content" }, "name": { @@ -30505,7 +30618,7 @@ "description": "Support information for the content item.", "properties": { "tier": { - "$ref": "#/definitions/supportTier", + "$ref": "#/definitions/SupportTier", "description": "Type of support for content item" }, "name": { @@ -30574,7 +30687,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "The package kind" }, "contentSchemaVersion": { @@ -30670,30 +30783,6 @@ } } }, - "packageKind": { - "type": "string", - "description": "The package kind", - "enum": [ - "Solution", - "Standalone" - ], - "x-ms-enum": { - "name": "packageKind", - "modelAsString": true, - "values": [ - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - } - ] - } - }, "packageList": { "type": "object", "description": "List available packages.", @@ -30818,7 +30907,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "The package kind" }, "contentSchemaVersion": { @@ -31087,7 +31176,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -31104,96 +31193,6 @@ } } }, - "sourceKind": { - "type": "string", - "description": "Source type of the content", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "name": "sourceKind", - "modelAsString": true, - "values": [ - { - "name": "LocalWorkspace", - "value": "LocalWorkspace", - "description": "LocalWorkspace" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "SourceRepository", - "value": "SourceRepository", - "description": "SourceRepository" - } - ] - } - }, - "sourceType": { - "type": "string", - "description": "The sourceType of the watchlist", - "enum": [ - "Local", - "AzureStorage" - ], - "x-ms-enum": { - "name": "sourceType", - "modelAsString": true, - "values": [ - { - "name": "Local", - "value": "Local", - "description": "The source from local file." - }, - { - "name": "AzureStorage", - "value": "AzureStorage", - "description": "The source from Azure storage." - } - ] - } - }, - "supportTier": { - "type": "string", - "description": "Type of support for content item", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "name": "supportTier", - "modelAsString": true, - "values": [ - { - "name": "Microsoft", - "value": "Microsoft", - "description": "Microsoft" - }, - { - "name": "Partner", - "value": "Partner", - "description": "Partner" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - } - ] - } - }, "templateAdditionalProperties": { "type": "object", "description": "additional properties of product template.", @@ -31366,7 +31365,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 57e4650262a1..942a83ad90a7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -10723,6 +10723,42 @@ } ] }, + "HttpMethodVerb": { + "type": "string", + "description": "The HTTP method, default value GET.", + "enum": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "x-ms-enum": { + "name": "HttpMethodVerb", + "modelAsString": true, + "values": [ + { + "name": "GET", + "value": "GET", + "description": "GET" + }, + { + "name": "POST", + "value": "POST", + "description": "POST" + }, + { + "name": "PUT", + "value": "PUT", + "description": "PUT" + }, + { + "name": "DELETE", + "value": "DELETE", + "description": "DELETE" + } + ] + } + }, "HuntingBookmark": { "type": "object", "description": "Represents a Hunting bookmark entity.", @@ -13158,6 +13194,30 @@ ] } }, + "PackageKind": { + "type": "string", + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "x-ms-enum": { + "name": "PackageKind", + "modelAsString": true, + "values": [ + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + } + ] + } + }, "PlaybookActionProperties": { "type": "object", "properties": { @@ -14084,7 +14144,7 @@ "x-nullable": true }, "httpMethod": { - "$ref": "#/definitions/httpMethodVerb", + "$ref": "#/definitions/HttpMethodVerb", "description": "The HTTP method, default value GET." }, "queryTimeFormat": { @@ -15215,6 +15275,66 @@ "repository" ] }, + "SourceKind": { + "type": "string", + "description": "Source type of the content", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "name": "SourceKind", + "modelAsString": true, + "values": [ + { + "name": "LocalWorkspace", + "value": "LocalWorkspace", + "description": "LocalWorkspace" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "SourceRepository", + "value": "SourceRepository", + "description": "SourceRepository" + } + ] + } + }, + "SourceType": { + "type": "string", + "description": "The sourceType of the watchlist", + "enum": [ + "Local", + "AzureStorage" + ], + "x-ms-enum": { + "name": "SourceType", + "modelAsString": true, + "values": [ + { + "name": "Local", + "value": "Local", + "description": "The source from local file." + }, + { + "name": "AzureStorage", + "value": "AzureStorage", + "description": "The source from Azure storage." + } + ] + } + }, "SubmissionMailEntity": { "type": "object", "description": "Represents a submission mail entity.", @@ -15295,6 +15415,36 @@ } ] }, + "SupportTier": { + "type": "string", + "description": "Type of support for content item", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "name": "SupportTier", + "modelAsString": true, + "values": [ + { + "name": "Microsoft", + "value": "Microsoft", + "description": "Microsoft" + }, + { + "name": "Partner", + "value": "Partner", + "description": "Partner" + }, + { + "name": "Community", + "value": "Community", + "description": "Community" + } + ] + } + }, "TIDataConnector": { "type": "object", "description": "Represents threat intelligence data connector.", @@ -15468,7 +15618,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -16417,7 +16567,7 @@ "description": "The filename of the watchlist, called 'source'" }, "sourceType": { - "$ref": "#/definitions/sourceType", + "$ref": "#/definitions/SourceType", "description": "The sourceType of the watchlist" }, "created": { @@ -16614,42 +16764,6 @@ } } }, - "httpMethodVerb": { - "type": "string", - "description": "The HTTP method, default value GET.", - "enum": [ - "GET", - "POST", - "PUT", - "DELETE" - ], - "x-ms-enum": { - "name": "httpMethodVerb", - "modelAsString": true, - "values": [ - { - "name": "GET", - "value": "GET", - "description": "GET" - }, - { - "name": "POST", - "value": "POST", - "description": "POST" - }, - { - "name": "PUT", - "value": "PUT", - "description": "PUT" - }, - { - "name": "DELETE", - "value": "DELETE", - "description": "DELETE" - } - ] - } - }, "kind": { "type": "string", "description": "The kind of content the metadata is for.", @@ -17085,7 +17199,7 @@ "description": "The original source of the content item, where it comes from.", "properties": { "kind": { - "$ref": "#/definitions/sourceKind", + "$ref": "#/definitions/SourceKind", "description": "Source type of the content" }, "name": { @@ -17106,7 +17220,7 @@ "description": "Support information for the content item.", "properties": { "tier": { - "$ref": "#/definitions/supportTier", + "$ref": "#/definitions/SupportTier", "description": "Type of support for content item" }, "name": { @@ -17139,7 +17253,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "The package kind" }, "contentSchemaVersion": { @@ -17235,30 +17349,6 @@ } } }, - "packageKind": { - "type": "string", - "description": "The package kind", - "enum": [ - "Solution", - "Standalone" - ], - "x-ms-enum": { - "name": "packageKind", - "modelAsString": true, - "values": [ - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - } - ] - } - }, "packageList": { "type": "object", "description": "List available packages.", @@ -17383,7 +17473,7 @@ "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" }, "contentKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "The package kind" }, "contentSchemaVersion": { @@ -17652,7 +17742,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { @@ -17669,96 +17759,6 @@ } } }, - "sourceKind": { - "type": "string", - "description": "Source type of the content", - "enum": [ - "LocalWorkspace", - "Community", - "Solution", - "SourceRepository" - ], - "x-ms-enum": { - "name": "sourceKind", - "modelAsString": true, - "values": [ - { - "name": "LocalWorkspace", - "value": "LocalWorkspace", - "description": "LocalWorkspace" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "SourceRepository", - "value": "SourceRepository", - "description": "SourceRepository" - } - ] - } - }, - "sourceType": { - "type": "string", - "description": "The sourceType of the watchlist", - "enum": [ - "Local", - "AzureStorage" - ], - "x-ms-enum": { - "name": "sourceType", - "modelAsString": true, - "values": [ - { - "name": "Local", - "value": "Local", - "description": "The source from local file." - }, - { - "name": "AzureStorage", - "value": "AzureStorage", - "description": "The source from Azure storage." - } - ] - } - }, - "supportTier": { - "type": "string", - "description": "Type of support for content item", - "enum": [ - "Microsoft", - "Partner", - "Community" - ], - "x-ms-enum": { - "name": "supportTier", - "modelAsString": true, - "values": [ - { - "name": "Microsoft", - "value": "Microsoft", - "description": "Microsoft" - }, - { - "name": "Partner", - "value": "Partner", - "description": "Partner" - }, - { - "name": "Community", - "value": "Community", - "description": "Community" - } - ] - } - }, "templateAdditionalProperties": { "type": "object", "description": "additional properties of product template.", @@ -17931,7 +17931,7 @@ "description": "the package Id contains this template" }, "packageKind": { - "$ref": "#/definitions/packageKind", + "$ref": "#/definitions/PackageKind", "description": "the packageKind of the package contains this template" }, "packageName": { From cf0ca45a9f6ba9cc6ad5aff62a2128720d7fff50 Mon Sep 17 00:00:00 2001 From: Guy Wilf Shukrun Date: Mon, 6 Jul 2026 12:14:27 +0300 Subject: [PATCH 38/38] fix PascalCase --- .../SecurityInsights/models.tsp | 14 +- .../preview/2025-10-01-preview/openapi.json | 392 +++++++++--------- .../stable/2025-09-01/openapi.json | 380 ++++++++--------- 3 files changed, 393 insertions(+), 393 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp index 3b00c2d158bf..7dbab7cc9ac9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/models.tsp @@ -80,7 +80,7 @@ union CreatedByType { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -union triggersOn { +union TriggersOn { string, /** @@ -95,7 +95,7 @@ union triggersOn { } #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" -union triggersWhen { +union TriggersWhen { string, /** @@ -497,7 +497,7 @@ union SupportTier { /** * The kind of content the metadata is for. */ -union kind { +union Kind { string, /** @@ -3981,9 +3981,9 @@ model AutomationRuleTriggeringLogic { expirationTimeUtc?: utcDateTime; #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - triggersOn: triggersOn; + triggersOn: TriggersOn; #suppress "@azure-tools/typespec-azure-core/documentation-required" "FIXME: Update justification, follow aka.ms/tsp/conversion-fix for details" - triggersWhen: triggersWhen; + triggersWhen: TriggersWhen; /** * The conditions to evaluate to determine if the automation rule should be triggered on a given object. @@ -4645,7 +4645,7 @@ model MetadataDependencies { /** * Type of the content item we depend on */ - kind?: kind; + kind?: Kind; /** * Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. @@ -4765,7 +4765,7 @@ model TemplateBaseProperties { /** * The kind of content the template is for. */ - contentKind?: kind; + contentKind?: Kind; /** * Source of the content. This is where/how it was created. diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json index 47ba20c5937a..df724b610864 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/preview/2025-10-01-preview/openapi.json @@ -14096,10 +14096,10 @@ "description": "Determines when the automation rule should automatically expire and be disabled." }, "triggersOn": { - "$ref": "#/definitions/triggersOn" + "$ref": "#/definitions/TriggersOn" }, "triggersWhen": { - "$ref": "#/definitions/triggersWhen" + "$ref": "#/definitions/TriggersWhen" }, "conditions": { "type": "array", @@ -22030,6 +22030,150 @@ ] } }, + "Kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule", + "CustomDetection" + ], + "x-ms-enum": { + "name": "Kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + }, + { + "name": "CustomDetection", + "value": "CustomDetection", + "description": "Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant." + } + ] + } + }, "LastDataReceivedDataType": { "type": "object", "description": "Data type for last data received", @@ -28081,7 +28225,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -29251,6 +29395,52 @@ "value" ] }, + "TriggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "TriggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "TriggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "TriggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + }, "Ueba": { "type": "object", "description": "Settings with single toggle.", @@ -30156,150 +30346,6 @@ } } }, - "kind": { - "type": "string", - "description": "The kind of content the metadata is for.", - "enum": [ - "DataConnector", - "DataType", - "Workbook", - "WorkbookTemplate", - "Playbook", - "PlaybookTemplate", - "AnalyticsRuleTemplate", - "AnalyticsRule", - "HuntingQuery", - "InvestigationQuery", - "Parser", - "Watchlist", - "WatchlistTemplate", - "Solution", - "AzureFunction", - "LogicAppsCustomConnector", - "AutomationRule", - "ResourcesDataConnector", - "Notebook", - "Standalone", - "SummaryRule", - "CustomDetection" - ], - "x-ms-enum": { - "name": "kind", - "modelAsString": true, - "values": [ - { - "name": "DataConnector", - "value": "DataConnector", - "description": "DataConnector" - }, - { - "name": "DataType", - "value": "DataType", - "description": "DataType" - }, - { - "name": "Workbook", - "value": "Workbook", - "description": "Workbook" - }, - { - "name": "WorkbookTemplate", - "value": "WorkbookTemplate", - "description": "WorkbookTemplate" - }, - { - "name": "Playbook", - "value": "Playbook", - "description": "Playbook" - }, - { - "name": "PlaybookTemplate", - "value": "PlaybookTemplate", - "description": "PlaybookTemplate" - }, - { - "name": "AnalyticsRuleTemplate", - "value": "AnalyticsRuleTemplate", - "description": "AnalyticsRuleTemplate" - }, - { - "name": "AnalyticsRule", - "value": "AnalyticsRule", - "description": "AnalyticsRule" - }, - { - "name": "HuntingQuery", - "value": "HuntingQuery", - "description": "HuntingQuery" - }, - { - "name": "InvestigationQuery", - "value": "InvestigationQuery", - "description": "InvestigationQuery" - }, - { - "name": "Parser", - "value": "Parser", - "description": "Parser" - }, - { - "name": "Watchlist", - "value": "Watchlist", - "description": "Watchlist" - }, - { - "name": "WatchlistTemplate", - "value": "WatchlistTemplate", - "description": "WatchlistTemplate" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "AzureFunction", - "value": "AzureFunction", - "description": "AzureFunction" - }, - { - "name": "LogicAppsCustomConnector", - "value": "LogicAppsCustomConnector", - "description": "LogicAppsCustomConnector" - }, - { - "name": "AutomationRule", - "value": "AutomationRule", - "description": "AutomationRule" - }, - { - "name": "ResourcesDataConnector", - "value": "ResourcesDataConnector", - "description": "ResourcesDataConnector" - }, - { - "name": "Notebook", - "value": "Notebook", - "description": "Notebook" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - }, - { - "name": "SummaryRule", - "value": "SummaryRule", - "description": "SummaryRule" - }, - { - "name": "CustomDetection", - "value": "CustomDetection", - "description": "Custom detections enable proactive monitoring and automated response actions for various events and system states across your tenant." - } - ] - } - }, "metadataAuthor": { "type": "object", "description": "Publisher or creator of the content item.", @@ -30347,7 +30393,7 @@ "description": "Id of the content item we depend on" }, "kind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "Type of the content item we depend on" }, "version": { @@ -31091,7 +31137,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -31280,7 +31326,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -31429,52 +31475,6 @@ "readOnly": true } } - }, - "triggersOn": { - "type": "string", - "enum": [ - "Incidents", - "Alerts" - ], - "x-ms-enum": { - "name": "triggersOn", - "modelAsString": true, - "values": [ - { - "name": "Incidents", - "value": "Incidents", - "description": "Trigger on Incidents" - }, - { - "name": "Alerts", - "value": "Alerts", - "description": "Trigger on Alerts" - } - ] - } - }, - "triggersWhen": { - "type": "string", - "enum": [ - "Created", - "Updated" - ], - "x-ms-enum": { - "name": "triggersWhen", - "modelAsString": true, - "values": [ - { - "name": "Created", - "value": "Created", - "description": "Trigger on created objects" - }, - { - "name": "Updated", - "value": "Updated", - "description": "Trigger on updated objects" - } - ] - } } }, "parameters": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json index 942a83ad90a7..d80f27da7cbc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/SecurityInsights/stable/2025-09-01/openapi.json @@ -8109,10 +8109,10 @@ "description": "Determines when the automation rule should automatically expire and be disabled." }, "triggersOn": { - "$ref": "#/definitions/triggersOn" + "$ref": "#/definitions/TriggersOn" }, "triggersWhen": { - "$ref": "#/definitions/triggersWhen" + "$ref": "#/definitions/TriggersWhen" }, "conditions": { "type": "array", @@ -11999,6 +11999,144 @@ ] } }, + "Kind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule", + "ResourcesDataConnector", + "Notebook", + "Standalone", + "SummaryRule" + ], + "x-ms-enum": { + "name": "Kind", + "modelAsString": true, + "values": [ + { + "name": "DataConnector", + "value": "DataConnector", + "description": "DataConnector" + }, + { + "name": "DataType", + "value": "DataType", + "description": "DataType" + }, + { + "name": "Workbook", + "value": "Workbook", + "description": "Workbook" + }, + { + "name": "WorkbookTemplate", + "value": "WorkbookTemplate", + "description": "WorkbookTemplate" + }, + { + "name": "Playbook", + "value": "Playbook", + "description": "Playbook" + }, + { + "name": "PlaybookTemplate", + "value": "PlaybookTemplate", + "description": "PlaybookTemplate" + }, + { + "name": "AnalyticsRuleTemplate", + "value": "AnalyticsRuleTemplate", + "description": "AnalyticsRuleTemplate" + }, + { + "name": "AnalyticsRule", + "value": "AnalyticsRule", + "description": "AnalyticsRule" + }, + { + "name": "HuntingQuery", + "value": "HuntingQuery", + "description": "HuntingQuery" + }, + { + "name": "InvestigationQuery", + "value": "InvestigationQuery", + "description": "InvestigationQuery" + }, + { + "name": "Parser", + "value": "Parser", + "description": "Parser" + }, + { + "name": "Watchlist", + "value": "Watchlist", + "description": "Watchlist" + }, + { + "name": "WatchlistTemplate", + "value": "WatchlistTemplate", + "description": "WatchlistTemplate" + }, + { + "name": "Solution", + "value": "Solution", + "description": "Solution" + }, + { + "name": "AzureFunction", + "value": "AzureFunction", + "description": "AzureFunction" + }, + { + "name": "LogicAppsCustomConnector", + "value": "LogicAppsCustomConnector", + "description": "LogicAppsCustomConnector" + }, + { + "name": "AutomationRule", + "value": "AutomationRule", + "description": "AutomationRule" + }, + { + "name": "ResourcesDataConnector", + "value": "ResourcesDataConnector", + "description": "ResourcesDataConnector" + }, + { + "name": "Notebook", + "value": "Notebook", + "description": "Notebook" + }, + { + "name": "Standalone", + "value": "Standalone", + "description": "Standalone" + }, + { + "name": "SummaryRule", + "value": "SummaryRule", + "description": "SummaryRule" + } + ] + } + }, "MCASDataConnector": { "type": "object", "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", @@ -15533,7 +15671,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -16258,6 +16396,52 @@ ] } }, + "TriggersOn": { + "type": "string", + "enum": [ + "Incidents", + "Alerts" + ], + "x-ms-enum": { + "name": "TriggersOn", + "modelAsString": true, + "values": [ + { + "name": "Incidents", + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "name": "Alerts", + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "TriggersWhen": { + "type": "string", + "enum": [ + "Created", + "Updated" + ], + "x-ms-enum": { + "name": "TriggersWhen", + "modelAsString": true, + "values": [ + { + "name": "Created", + "value": "Created", + "description": "Trigger on created objects" + }, + { + "name": "Updated", + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + }, "UrlEntity": { "type": "object", "description": "Represents a url entity.", @@ -16764,144 +16948,6 @@ } } }, - "kind": { - "type": "string", - "description": "The kind of content the metadata is for.", - "enum": [ - "DataConnector", - "DataType", - "Workbook", - "WorkbookTemplate", - "Playbook", - "PlaybookTemplate", - "AnalyticsRuleTemplate", - "AnalyticsRule", - "HuntingQuery", - "InvestigationQuery", - "Parser", - "Watchlist", - "WatchlistTemplate", - "Solution", - "AzureFunction", - "LogicAppsCustomConnector", - "AutomationRule", - "ResourcesDataConnector", - "Notebook", - "Standalone", - "SummaryRule" - ], - "x-ms-enum": { - "name": "kind", - "modelAsString": true, - "values": [ - { - "name": "DataConnector", - "value": "DataConnector", - "description": "DataConnector" - }, - { - "name": "DataType", - "value": "DataType", - "description": "DataType" - }, - { - "name": "Workbook", - "value": "Workbook", - "description": "Workbook" - }, - { - "name": "WorkbookTemplate", - "value": "WorkbookTemplate", - "description": "WorkbookTemplate" - }, - { - "name": "Playbook", - "value": "Playbook", - "description": "Playbook" - }, - { - "name": "PlaybookTemplate", - "value": "PlaybookTemplate", - "description": "PlaybookTemplate" - }, - { - "name": "AnalyticsRuleTemplate", - "value": "AnalyticsRuleTemplate", - "description": "AnalyticsRuleTemplate" - }, - { - "name": "AnalyticsRule", - "value": "AnalyticsRule", - "description": "AnalyticsRule" - }, - { - "name": "HuntingQuery", - "value": "HuntingQuery", - "description": "HuntingQuery" - }, - { - "name": "InvestigationQuery", - "value": "InvestigationQuery", - "description": "InvestigationQuery" - }, - { - "name": "Parser", - "value": "Parser", - "description": "Parser" - }, - { - "name": "Watchlist", - "value": "Watchlist", - "description": "Watchlist" - }, - { - "name": "WatchlistTemplate", - "value": "WatchlistTemplate", - "description": "WatchlistTemplate" - }, - { - "name": "Solution", - "value": "Solution", - "description": "Solution" - }, - { - "name": "AzureFunction", - "value": "AzureFunction", - "description": "AzureFunction" - }, - { - "name": "LogicAppsCustomConnector", - "value": "LogicAppsCustomConnector", - "description": "LogicAppsCustomConnector" - }, - { - "name": "AutomationRule", - "value": "AutomationRule", - "description": "AutomationRule" - }, - { - "name": "ResourcesDataConnector", - "value": "ResourcesDataConnector", - "description": "ResourcesDataConnector" - }, - { - "name": "Notebook", - "value": "Notebook", - "description": "Notebook" - }, - { - "name": "Standalone", - "value": "Standalone", - "description": "Standalone" - }, - { - "name": "SummaryRule", - "value": "SummaryRule", - "description": "SummaryRule" - } - ] - } - }, "metadataAuthor": { "type": "object", "description": "Publisher or creator of the content item.", @@ -16949,7 +16995,7 @@ "description": "Id of the content item we depend on" }, "kind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "Type of the content item we depend on" }, "version": { @@ -17657,7 +17703,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -17846,7 +17892,7 @@ "description": "The display name of the template" }, "contentKind": { - "$ref": "#/definitions/kind", + "$ref": "#/definitions/Kind", "description": "The kind of content the template is for." }, "source": { @@ -17995,52 +18041,6 @@ "readOnly": true } } - }, - "triggersOn": { - "type": "string", - "enum": [ - "Incidents", - "Alerts" - ], - "x-ms-enum": { - "name": "triggersOn", - "modelAsString": true, - "values": [ - { - "name": "Incidents", - "value": "Incidents", - "description": "Trigger on Incidents" - }, - { - "name": "Alerts", - "value": "Alerts", - "description": "Trigger on Alerts" - } - ] - } - }, - "triggersWhen": { - "type": "string", - "enum": [ - "Created", - "Updated" - ], - "x-ms-enum": { - "name": "triggersWhen", - "modelAsString": true, - "values": [ - { - "name": "Created", - "value": "Created", - "description": "Trigger on created objects" - }, - { - "name": "Updated", - "value": "Updated", - "description": "Trigger on updated objects" - } - ] - } } }, "parameters": {}