From ac6b0d633c75756f8c3e6fed27c0f2ab84e16c90 Mon Sep 17 00:00:00 2001 From: Derrick Lee Date: Sun, 26 Mar 2023 20:07:54 -0700 Subject: [PATCH] [Hunts] Add hunts to Sentinel 2023-04-01-preview version (#23139) * Add hunts files * Include update in 200 description and add defaults * Add back 201 * Update relation properties * Update example --------- Co-authored-by: Derrick Lee --- .../preview/2023-04-01-preview/Hunts.json | 992 ++++++++++++++++++ .../examples/hunts/CreateHunt.json | 100 ++ .../examples/hunts/CreateHuntComment.json | 56 + .../examples/hunts/CreateHuntRelation.json | 53 + .../examples/hunts/DeleteHunt.json | 14 + .../examples/hunts/DeleteHuntComment.json | 15 + .../examples/hunts/DeleteHuntRelation.json | 15 + .../examples/hunts/GetHuntById.json | 43 + .../examples/hunts/GetHuntCommentById.json | 32 + .../examples/hunts/GetHuntComments.json | 27 + .../examples/hunts/GetHuntRelationById.json | 29 + .../examples/hunts/GetHuntRelations.json | 32 + .../examples/hunts/GetHunts.json | 46 + .../resource-manager/readme.md | 1 + 14 files changed, 1455 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHunts.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json new file mode 100644 index 000000000000..8a56ee4b05d2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json @@ -0,0 +1,992 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-04-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts": { + "get": { + "x-ms-examples": { + "Get all hunts.": { + "$ref": "./examples/hunts/GetHunts.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets all hunts, without relations and comments.", + "operationId": "Hunts_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}": { + "get": { + "x-ms-examples": { + "Get a hunt.": { + "$ref": "./examples/hunts/GetHuntById.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets a hunt, without relations and comments.", + "operationId": "Hunts_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt.": { + "$ref": "./examples/hunts/DeleteHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Delete a hunt.", + "operationId": "Hunts_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt.": { + "$ref": "./examples/hunts/CreateHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Create or update a hunt", + "operationId": "Hunts_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/Hunt" + } + ], + "responses": { + "200": { + "description": "Create or update the Hunt", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations": { + "get": { + "x-ms-examples": { + "Get all hunt relations.": { + "$ref": "./examples/hunts/GetHuntRelations.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets all hunt relations", + "operationId": "HuntRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}": { + "get": { + "x-ms-examples": { + "Get a hunt relation.": { + "$ref": "./examples/hunts/GetHuntRelationById.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets a hunt relation", + "operationId": "HuntRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt relation.": { + "$ref": "./examples/hunts/DeleteHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Delete a hunt relation.", + "operationId": "HuntRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt relation.": { + "$ref": "./examples/hunts/CreateHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + }, + { + "$ref": "#/parameters/HuntRelation" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt relation", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments": { + "get": { + "x-ms-examples": { + "Get all hunt comments.": { + "$ref": "./examples/hunts/GetHuntComments.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets all hunt comments", + "operationId": "HuntComments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}": { + "get": { + "x-ms-examples": { + "Get a hunt comment.": { + "$ref": "./examples/hunts/GetHuntCommentById.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets a hunt comment", + "operationId": "HuntComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt comment.": { + "$ref": "./examples/hunts/DeleteHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Delete a hunt comment.", + "operationId": "HuntComments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt comment.": { + "$ref": "./examples/hunts/CreateHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntComments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + }, + { + "$ref": "#/parameters/HuntComment" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt comment", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "HuntList": { + "description": "List all the hunts.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunts.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunts.", + "items": { + "$ref": "#/definitions/Hunt" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Hunt": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntProperties", + "description": "Hunt properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntProperties": { + "description": "Describes hunt properties", + "properties": { + "displayName": { + "description": "The display name of the hunt", + "type": "string" + }, + "description": { + "description": "The description of the hunt", + "type": "string" + }, + "status": { + "description": "The status of the hunt.", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "status" + }, + "default": "New" + }, + "hypothesisStatus": { + "description": "The hypothesis status of the hunt.", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "hypothesisStatus" + }, + "default": "Unknown" + }, + "attackTactics": { + "description": "A list of mitre attack tactics the hunt is associated with", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "attackTechniques": { + "description": "A list of a mitre attack techniques the hunt is associated with", + "items": { + "description": "Attack Technique", + "type": "string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels relevant to this hunt ", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "owner": { + "$ref": "#/definitions/HuntOwner" + } + }, + "required": [ + "displayName", + "description" + ], + "type": "object" + }, + "HuntRelationList": { + "description": "List of all the hunt relations", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt relations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt relations", + "items": { + "$ref": "#/definitions/HuntRelation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntRelation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Relation in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntRelationProperties", + "description": "Hunt Relation properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntRelationProperties": { + "description": "Describes hunt relation properties", + "properties": { + "relatedResourceId": { + "description": "The id of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "type": "string", + "readOnly": true + }, + "relationType": { + "description": "The type of the hunt relation", + "type": "string", + "readOnly": true + }, + "relatedResourceKind": { + "description": "The resource that the relation is related to", + "type": "string", + "readOnly": true + }, + "labels": { + "description": "List of labels relevant to this hunt", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "HuntCommentList": { + "description": "List of all hunt comments", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt comments", + "items": { + "$ref": "#/definitions/HuntComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntComment": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Comment in Azure Security Insights", + "properties": { + "properties": { + "$ref": "#/definitions/HuntCommentProperties", + "description": "Hunt Comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntCommentProperties": { + "description": "Describes a hunt comment properties", + "properties": { + "message": { + "description": "The message for the comment", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "HuntOwner": { + "description": "Describes a user that the hunt is assigned to", + "type": "object", + "properties": { + "email": { + "description": "The email of the user the hunt is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the hunt is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the hunt is assigned to.", + "format": "uuid", + "type": "string", + "x-nullable": true + }, + "userPrincipalName": { + "description": "The user principal name of the user the hunt is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the hunt is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The hunt owner type is unknown", + "value": "Unknown" + }, + { + "description": "The hunt owner type is an AAD user", + "value": "User" + }, + { + "description": "The hunt owner type is an AAD group", + "value": "Group" + } + ] + } + } + } + } + }, + "parameters": { + "Hunt": { + "description": "The hunt", + "name": "hunt", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/Hunt" + }, + "x-ms-parameter-location": "method" + }, + "HuntId": { + "description": "The hunt id (GUID)", + "in": "path", + "name": "huntId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntRelation": { + "description": "The hunt relation", + "in": "body", + "name": "huntRelation", + "required": true, + "schema": { + "$ref": "#/definitions/HuntRelation" + }, + "x-ms-parameter-location": "method" + }, + "HuntRelationId": { + "description": "The hunt relation id (GUID)", + "in": "path", + "name": "huntRelationId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntComment": { + "description": "The hunt comment", + "in": "body", + "name": "huntComment", + "required": true, + "schema": { + "$ref": "#/definitions/HuntComment" + }, + "x-ms-parameter-location": "method" + }, + "HuntCommentId": { + "description": "The hunt comment id (GUID)", + "in": "path", + "name": "huntCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHunt.json new file mode 100644 index 000000000000..a1c2ee4c0fe8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHunt.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "hunt": { + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntSequenceNumber": 0, + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntComment.json new file mode 100644 index 000000000000..da777a0eff38 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntComment.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntComment": { + "properties": { + "message": "This is a test comment." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntRelation.json new file mode 100644 index 000000000000..726b97588a43 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/CreateHuntRelation.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntRelation": { + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "labels": [ + "Test Label" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHunt.json new file mode 100644 index 000000000000..9b3629f8dbd6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHunt.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntComment.json new file mode 100644 index 000000000000..d7d06a1e93f2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntComment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntRelation.json new file mode 100644 index 000000000000..5c0f6c22d7a8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/DeleteHuntRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntById.json new file mode 100644 index 000000000000..5d0d0c8fa2ab --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt ", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntCommentById.json new file mode 100644 index 000000000000..696da8abc75e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntCommentById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntComments.json new file mode 100644 index 000000000000..d742876058fc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntComments.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "properties": { + "message": "This is a test comment." + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelationById.json new file mode 100644 index 000000000000..f50b08fc89bd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelationById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelations.json new file mode 100644 index 000000000000..fa64afc4600f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHuntRelations.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHunts.json new file mode 100644 index 000000000000..5f61b5ffb5e4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/examples/hunts/GetHunts.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-04-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5", + "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index 2d15641d9690..1d4bf91ce786 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -47,6 +47,7 @@ input-file: - Microsoft.SecurityInsights/preview/2023-04-01-preview/EntityQueries.json - Microsoft.SecurityInsights/preview/2023-04-01-preview/EntityQueryTemplates.json - Microsoft.SecurityInsights/preview/2023-04-01-preview/FileImports.json + - Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json - Microsoft.SecurityInsights/preview/2023-04-01-preview/Incidents.json - Microsoft.SecurityInsights/preview/2023-04-01-preview/Metadata.json - Microsoft.SecurityInsights/preview/2023-04-01-preview/OfficeConsents.json