From 07c5cc8b6e69c847e0d7696953eac629a273d50f Mon Sep 17 00:00:00 2001 From: matanpa Date: Mon, 29 Aug 2022 03:37:57 +0300 Subject: [PATCH] Add eventGroupingSettings to NRT alert rules (#20422) --- .../preview/2022-09-01-preview/AlertRules.json | 8 ++++++++ .../examples/alertRules/CreateNrtAlertRule.json | 6 ++++++ .../examples/alertRules/GetNrtAlertRule.json | 3 +++ 3 files changed, 17 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json index 7db9ffeb68e8..a537eae87b1b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json @@ -793,6 +793,10 @@ "type": "object", "$ref": "#/definitions/AlertDetailsOverride", "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." } }, "type": "object" @@ -1751,6 +1755,10 @@ "type": "object", "$ref": "#/definitions/AlertDetailsOverride", "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." } }, "required": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json index 7e9c3660e6b2..9f8e9883f4f5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -68,6 +68,9 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "suppressionDuration": "PT1H", "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, "lastModifiedUtc": "2019-01-01T13:15:30Z", "incidentConfiguration": { "createIncident": true, @@ -109,6 +112,9 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "suppressionDuration": "PT1H", "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, "lastModifiedUtc": "2019-01-01T13:15:30Z", "incidentConfiguration": { "createIncident": true, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json index 2d2953af698a..a2d08a2a1da4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -31,6 +31,9 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "suppressionDuration": "PT1H", "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, "lastModifiedUtc": "2019-01-01T13:15:30Z", "incidentConfiguration": { "createIncident": true,