[Hub Generated] Review request for Microsoft.SecurityInsights to add …
…version preview/2021-10-01-preview (#17837)

* extract MicrosoftSecurityProductName to enum

* extract AlertRuleTemplateStatus to enum

* define FusionAlertRuleTemplateProperties

* add back nested properties

* add flatten to mitre and fusion properties objects

* change position of required

* define MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

* align required + add flatten

* fix AlertSeverity ref

* align type to avoid breaking change

* add type for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
laithhisham authored Feb 21, 2022
1 parent d2d4855 commit 3a1da75
Showing 1 changed file with 111 additions and 68 deletions.
@@ -705,35 +705,39 @@
"type": "array"
},
"status": {
"description": "The alert rule template status.",
"enum": [
"Installed",
"Available",
"NotAvailable"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TemplateStatus",
"values": [
{
"description": "Alert rule template installed. and can not use more then once",
"value": "Installed"
},
{
"description": "Alert rule template is available.",
"value": "Available"
},
{
"description": "Alert rule template is not available",
"value": "NotAvailable"
}
]
}
"$ref": "#/definitions/AlertRuleTemplateStatus",
"description": "The alert rule template status."
}
},
"type": "object"
},
"AlertRuleTemplateStatus": {
"description": "The alert rule template status.",
"enum": [
"Installed",
"Available",
"NotAvailable"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TemplateStatus",
"values": [
{
"description": "Alert rule template installed. and can not use more then once",
"value": "Installed"
},
{
"description": "Alert rule template is available.",
"value": "Available"
},
{
"description": "Alert rule template is not available",
"value": "NotAvailable"
}
]
}
},
"AlertRuleTemplateWithMitreProperties": {
"allOf": [
{
@@ -1164,26 +1168,8 @@
"description": "Represents Fusion alert rule template.",
"properties": {
"properties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
}
],
"$ref": "#/definitions/FusionAlertRuleTemplateProperties",
"description": "Fusion alert rule template properties",
"properties": {
"severity": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
"description": "The severity for alerts created by this alert rule."
},
"sourceSettings": {
"description": "All supported source signal configurations consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSetting"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"displayName",
"description",
@@ -1192,13 +1178,36 @@
"sourceSettings",
"alertRulesCreatedByTemplateCount"
],
"type": "object",
"x-ms-client-flatten": true
}
},
"type": "object",
"x-ms-discriminator-value": "Fusion"
},
"FusionAlertRuleTemplateProperties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
}
],
"description": "Fusion alert rule template properties",
"properties": {
"severity": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
"description": "The severity for alerts created by this alert rule."
},
"sourceSettings": {
"description": "All supported source signal configurations consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSetting"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"type": "object",
"x-ms-client-flatten": true
},
"FusionTemplateSourceSetting": {
"description": "Represents a source signal consumed in Fusion detection.",
"properties": {
@@ -1407,21 +1416,8 @@
"type": "array"
},
"productFilter": {
"description": "The alerts' productName on which the cases will be generated",
"enum": [
"Microsoft Cloud App Security",
"Azure Security Center",
"Azure Advanced Threat Protection",
"Azure Active Directory Identity Protection",
"Azure Security Center for IoT",
"Office 365 Advanced Threat Protection",
"Microsoft Defender Advanced Threat Protection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MicrosoftSecurityProductName"
}
"$ref": "#/definitions/MicrosoftSecurityProductName",
"description": "The alerts' productName on which the cases will be generated"
},
"severitiesFilter": {
"description": "the alerts' severities on which the cases will be generated",
@@ -1436,6 +1432,23 @@
],
"type": "object"
},
"MicrosoftSecurityProductName": {
"description": "The alerts' productName on which the cases will be generated",
"enum": [
"Microsoft Cloud App Security",
"Azure Security Center",
"Azure Advanced Threat Protection",
"Azure Active Directory Identity Protection",
"Azure Security Center for IoT",
"Office 365 Advanced Threat Protection",
"Microsoft Defender Advanced Threat Protection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MicrosoftSecurityProductName"
}
},
"MicrosoftSecurityIncidentCreationAlertRuleProperties": {
"allOf": [
{
@@ -1483,14 +1496,7 @@
"description": "Represents MicrosoftSecurityIncidentCreation rule template.",
"properties": {
"properties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
},
{
"$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties"
}
],
"$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties",
"description": "MicrosoftSecurityIncidentCreation rule template properties",
"required": [
"displayName",
@@ -1506,6 +1512,43 @@
"type": "object",
"x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation"
},
"MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
}
],
"description": "MicrosoftSecurityIncidentCreation rule template properties",
"properties": {
"displayNamesFilter": {
"description": "the alerts' displayNames on which the cases will be generated",
"items": {
"type": "string"
},
"type": "array"
},
"displayNamesExcludeFilter": {
"description": "the alerts' displayNames on which the cases will not be generated",
"items": {
"type": "string"
},
"type": "array"
},
"productFilter": {
"$ref": "#/definitions/MicrosoftSecurityProductName",
"description": "The alerts' productName on which the cases will be generated"
},
"severitiesFilter": {
"description": "the alerts' severities on which the cases will be generated",
"items": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
},
"type": "array"
}
},
"type": "object",
"x-ms-client-flatten": true
},
"QueryBasedAlertRuleProperties": {
"description": "Query based alert rule base property bag.",
"properties": {
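Review bot: The `required` arrays that remain next to `"$ref": "#/definitions/FusionAlertRuleTemplateProperties"` and `"$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties"` are now siblings of `$ref`, and in a `#/definitions`-style (OpenAPI 2.0 / draft-04) document a strict resolver is allowed to ignore everything beside `$ref`, so the mandatory template fields may no longer be validated or generated as required. The removed form wrapped the reference in `allOf` and did not have this problem; keep `"allOf": [{ "$ref": "…" }]` at both sites or move each `required` array into the new `…TemplateProperties` definition. The new `MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties` also re-declares the four filter properties that the old `allOf` pulled in from `MicrosoftSecurityIncidentCreationAlertRuleCommonProperties`, so the two copies can drift apart; referencing the common definition again would avoid that. Both `required` arrays and the enclosing definitions continue outside the visible hunks, so this is inferred from the lines shown.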
