From d1f5b2ccdbd0292ae7c6b61f0fbf3774ce3fe55f Mon Sep 17 00:00:00 2001
From: ityankel <47292630+ityankel@users.noreply.github.com>
Date: Thu, 5 May 2022 05:11:55 +0300
Subject: [PATCH] Update AutomationRules.json (#18630)
* Update automation rules swagger
* Update examples
* fix examples
* fix naming typo
* run prettier
* run prettier on missing file
* remove logic app arm id from required
---
 .../2022-05-01-preview/AutomationRules.json | 235 +++++++++++++++---
 .../AutomationRules_CreateOrUpdate.json | 54 ++++
 .../automationRules/AutomationRules_Get.json | 18 ++
 .../automationRules/AutomationRules_List.json | 18 ++
 ...aybook.json => Incidents_RunPlaybook.json} | 0
 5 files changed, 295 insertions(+), 30 deletions(-)
 rename specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/{AutomationRules_ManualTriggerPlaybook.json => Incidents_RunPlaybook.json} (100%)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/AutomationRules.json
index c5c278b3ccc0..bfa7152f5860 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/AutomationRules.json
@@ -3,10 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2022-05-01-preview",
- "x-ms-code-generation-settings": {
- "name": "SecurityInsights"
- }
+ "version": "2022-05-01-preview"
 },
 "paths": {
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": {
@@ -275,8 +272,8 @@
 }
 },
 "x-ms-examples": {
- "AutomationRules_ManualTriggerPlaybook": {
- "$ref": "./examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json"
+ "Incidents_RunPlaybook": {
+ "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json"
 }
 }
 }
@@ -284,7 +281,7 @@
 },
 "definitions": {
 "ActionType": {
- "description": "The type of the automation rule action",
+ "description": "The type of the automation rule action.",
 "enum": [
 "ModifyProperties",
 "RunPlaybook"
@@ -325,7 +322,7 @@
 }
 },
 "AutomationRuleAction": {
- "description": "Describes an automation rule action",
+ "description": "Describes an automation rule action.",
 "required": [
 "actionType",
 "order"
@@ -343,7 +340,7 @@
 "discriminator": "actionType"
 },
 "AutomationRuleCondition": {
- "description": "Describes an automation rule condition",
+ "description": "Describes an automation rule condition.",
 "required": [
 "conditionType"
 ],
@@ -369,8 +366,8 @@
 "$ref": "#/definitions/IncidentPropertiesAction"
 }
 },
- "x-ms-client-flatten": true,
- "x-ms-discriminator-value": "ModifyProperties"
+ "x-ms-discriminator-value": "ModifyProperties",
+ "x-ms-client-flatten": true
 },
 "AutomationRuleProperties": {
 "description": "Automation rule properties",
@@ -383,13 +380,13 @@
 "type": "object",
 "properties": {
 "displayName": {
- "description": "The display name of the automation rule",
+ "description": "The display name of the automation rule.",
 "type": "string",
 "maxLength": 500
 },
 "order": {
 "format": "int32",
- "description": "The order of execution of the automation rule",
+ "description": "The order of execution of the automation rule.",
 "type": "integer",
 "minimum": 1,
 "maximum": 1000
@@ -398,7 +395,7 @@
 "$ref": "#/definitions/AutomationRuleTriggeringLogic"
 },
 "actions": {
- "description": "The actions to execute when the automation rule is triggered",
+ "description": "The actions to execute when the automation rule is triggered.",
 "type": "array",
 "items": {
 "$ref": "#/definitions/AutomationRuleAction"
@@ -408,13 +405,13 @@
 },
 "lastModifiedTimeUtc": {
 "format": "date-time",
- "description": "The last time the automation rule was updated",
+ "description": "The last time the automation rule was updated.",
 "type": "string",
 "readOnly": true
 },
 "createdTimeUtc": {
 "format": "date-time",
- "description": "The time the automation rule was created",
+ "description": "The time the automation rule was created.",
 "type": "string",
 "readOnly": true
 },
@@ -428,6 +425,115 @@
 }
 }
 },
+ "AutomationRulePropertyArrayChangedConditionSupportedArrayType": {
+ "enum": [
+ "Alerts",
+ "Labels",
+ "Tactics",
+ "Comments"
+ ],
+ "type": "string",
+ "example": "Alerts",
+ "x-ms-enum": {
+ "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Alerts",
+ "description": "Evaluate the condition on the alerts"
+ },
+ {
+ "value": "Labels",
+ "description": "Evaluate the condition on the labels"
+ },
+ {
+ "value": "Tactics",
+ "description": "Evaluate the condition on the tactics"
+ },
+ {
+ "value": "Comments",
+ "description": "Evaluate the condition on the comments"
+ }
+ ]
+ }
+ },
+ "AutomationRulePropertyArrayChangedConditionSupportedChangeType": {
+ "enum": [
+ "Added"
+ ],
+ "type": "string",
+ "example": "Added",
+ "x-ms-enum": {
+ "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Added",
+ "description": "Evaluate the condition on items added to the array"
+ }
+ ]
+ }
+ },
+ "AutomationRulePropertyArrayChangedValuesCondition": {
+ "type": "object",
+ "properties": {
+ "arrayType": {
+ "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType"
+ },
+ "changeType": {
+ "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType"
+ }
+ }
+ },
+ "AutomationRulePropertyChangedConditionSupportedChangedType": {
+ "enum": [
+ "ChangedFrom",
+ "ChangedTo"
+ ],
+ "type": "string",
+ "example": "ChangedFrom",
+ "x-ms-enum": {
+ "name": "AutomationRulePropertyChangedConditionSupportedChangedType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "ChangedFrom",
+ "description": "Evaluate the condition on the previous value of the property"
+ },
+ {
+ "value": "ChangedTo",
+ "description": "Evaluate the condition on the updated value of the property"
+ }
+ ]
+ }
+ },
"AutomationRulePropertyChangedConditionSupportedPropertyType": {
+ "enum": [
+ "IncidentSeverity",
+ "IncidentStatus",
+ "IncidentOwner"
+ ],
+ "type": "string",
+ "example": "IncidentSeverity",
+ "x-ms-enum": {
+ "name": "AutomationRulePropertyChangedConditionSupportedPropertyType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "IncidentSeverity",
+ "description": "Evaluate the condition on the incident severity"
+ },
+ {
+ "value": "IncidentStatus",
+ "description": "Evaluate the condition on the incident status"
+ },
+ {
+ "value": "IncidentOwner",
+ "description": "Evaluate the condition on the incident owner"
+ }
+ ]
+ }
+ },
 "AutomationRulePropertyConditionSupportedOperator": {
 "enum": [
 "Equals",
@@ -481,7 +587,7 @@
 }
 },
 "AutomationRulePropertyConditionSupportedProperty": {
- "description": "The property to evaluate in an automation rule property condition",
+ "description": "The property to evaluate in an automation rule property condition.",
 "enum": [
 "IncidentTitle",
 "IncidentDescription",
@@ -763,6 +869,26 @@
 ]
 }
 },
+ "AutomationRulePropertyValuesChangedCondition": {
+ "type": "object",
+ "properties": {
+ "propertyName": {
+ "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType"
+ },
+ "changeType": {
+ "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType"
+ },
+ "operator": {
+ "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator"
+ },
+ "propertyValues": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
 "AutomationRulePropertyValuesCondition": {
 "type": "object",
 "properties": {
@@ -794,8 +920,8 @@
 "$ref": "#/definitions/PlaybookActionProperties"
 }
 },
- "x-ms-client-flatten": true,
- "x-ms-discriminator-value": "RunPlaybook"
+ "x-ms-discriminator-value": "RunPlaybook",
+ "x-ms-client-flatten": true
 },
 "AutomationRulesList": {
 "type": "object",
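Review bot: None of the five definitions added by the hunk that opens at `@@ -428,6 +425,115 @@` on the previous physical line has a top-level `description`, and `AutomationRulePropertyArrayChangedValuesCondition` declares no `required` members, so a `PropertyArrayChanged` condition whose `conditionProperties` is an empty object passes schema validation as written. The same holds for `AutomationRulePropertyValuesChangedCondition` in the `@@ -763,6 +869,26 @@` hunk. If the service rejects such conditions, the spec should state it, e.g. `"required": ["arrayType", "changeType"]`, and each new definition should get a one-line `"description"` in the style of the neighbouring `AutomationRulePropertyConditionSupportedProperty`. Whether the service accepts partial conditions is not visible in this diff.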
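Review bot: `propertyValues` in the new `AutomationRulePropertyValuesChangedCondition` (hunk `@@ -763,6 +869,26 @@`) is an array with no `maxItems` whose string items have no `maxLength`, while the rule's `conditions` array is capped at `"maxItems": 50` in this same file. If the backend enforces a limit, declaring it here, e.g. `"maxItems": <service limit>`, lets clients and validators reject oversized rules before they reach the service; the actual limit is not visible in this diff. `changeType` in this definition refers to the `ChangedFrom`/`ChangedTo` enum, whereas the identically named property in `AutomationRulePropertyArrayChangedValuesCondition` refers to a different enum (`Added`), so a `description` on each property would keep the two from being confused.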
@@ -812,7 +938,7 @@
 }
 },
 "AutomationRuleTriggeringLogic": {
- "description": "Describes automation rule triggering logic",
+ "description": "Describes automation rule triggering logic.",
 "required": [
 "isEnabled",
 "triggersOn",
@@ -821,7 +947,7 @@
 "type": "object",
 "properties": {
 "isEnabled": {
- "description": "Determines whether the automation rule is enabled or disabled",
+ "description": "Determines whether the automation rule is enabled or disabled.",
 "type": "boolean"
 },
 "expirationTimeUtc": {
@@ -836,7 +962,7 @@
 "$ref": "#/definitions/triggersWhen"
 },
 "conditions": {
- "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object",
+ "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.",
 "type": "array",
 "maxItems": 50,
 "items": {
@@ -850,7 +976,9 @@
 },
 "ConditionType": {
 "enum": [
- "Property"
+ "Property",
+ "PropertyChanged",
+ "PropertyArrayChanged"
 ],
 "type": "string",
 "example": "Property",
@@ -861,6 +989,14 @@
 {
 "value": "Property",
 "description": "Evaluate an object property value"
+ },
+ {
+ "value": "PropertyChanged",
+ "description": "Evaluate an object property changed value"
+ },
+ {
+ "value": "PropertyArrayChanged",
+ "description": "Evaluate an object array property changed value"
 }
 ]
 }
@@ -881,14 +1017,14 @@
 "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum"
 },
 "classificationComment": {
- "description": "Describes the reason the incident was closed",
+ "description": "Describes the reason the incident was closed.",
 "type": "string"
 },
 "owner": {
 "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo"
 },
 "labels": {
- "description": "List of labels to add to the incident",
+ "description": "List of labels to add to the incident.",
 "type": "array",
 "x-ms-identifiers": [
 "labelName"
@@ -915,16 +1051,50 @@
 "type": "object",
 "properties": {
 "logicAppResourceId": {
- "description": "The resource id of the playbook resource",
+ "description": "The resource id of the playbook resource.",
 "type": "string"
 },
 "tenantId": {
 "format": "uuid",
- "description": "The tenant id of the playbook resource",
+ "description": "The tenant id of the playbook resource.",
 "type": "string"
 }
 }
 },
+ "PropertyArrayChangedConditionProperties": {
+ "description": "Describes an automation rule condition that evaluates an array property's value change",
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AutomationRuleCondition"
+ }
+ ],
+ "properties": {
+ "conditionProperties": {
+ "type": "object",
+ "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition"
+ }
+ },
+ "x-ms-discriminator-value": "PropertyArrayChanged",
+ "x-ms-client-flatten": true
+ },
+ "PropertyChangedConditionProperties": {
+ "description": "Describes an automation rule condition that evaluates a property's value change",
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AutomationRuleCondition"
+ }
+ ],
+ "properties": {
+ "conditionProperties": {
+ "type": "object",
+ "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition"
+ }
+ },
+ "x-ms-discriminator-value": "PropertyChanged",
+ "x-ms-client-flatten": true
+ },
 "PropertyConditionProperties": {
 "description": "Describes an automation rule condition that evaluates a property's value",
 "type": "object",
@@ -939,8 +1109,8 @@
 "$ref": "#/definitions/AutomationRulePropertyValuesCondition"
 }
 },
- "x-ms-client-flatten": true,
- "x-ms-discriminator-value": "Property"
+ "x-ms-discriminator-value": "Property",
+ "x-ms-client-flatten": true
 },
 "triggersOn": {
 "enum": [
@@ -961,7 +1131,8 @@
 },
 "triggersWhen": {
 "enum": [
- "Created"
+ "Created",
+ "Updated"
 ],
 "type": "string",
 "example": "Created",
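Review bot: In both `PropertyArrayChangedConditionProperties` and `PropertyChangedConditionProperties` (hunk `@@ -915,16 +1051,50 @@`), `conditionProperties` puts `"type": "object"` beside `"$ref"`; JSON Reference processing ignores siblings of `$ref`, so the `type` line has no effect and the property can be reduced to `"conditionProperties": { "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" }` (and the array variant likewise). The two new `description` strings also end without a period, although the rest of this commit adds trailing periods to descriptions. `PlaybookActionProperties` begins above the hunk, so its `required` list cannot be checked here; the commit message says `logicAppResourceId` was removed from it, and if so the description should state what a `RunPlaybook` action without a playbook id does.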
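Review bot: The new `Updated` value of `triggersWhen` (hunk `@@ -961,7 +1131,8 @@`, with its `x-ms-enum` entry in the following `@@ -972,6 +1143,10 @@` hunk) is documented only as `"Trigger on updated objects"`, which leaves open whether a change made by the rule's own `ModifyProperties` action, or by a playbook the rule runs, counts as an update and re-evaluates the rule. People writing or auditing rules need that to avoid rules that re-trigger themselves, so the description should say it, e.g. `"description": "Trigger on updated objects (<state whether updates made by automation rules and playbooks are included>)"`. Nothing in the schema ties the `PropertyChanged` and `PropertyArrayChanged` condition types to `Updated`; if they are evaluated only for update triggers, the `ConditionType` value descriptions should say so.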
@@ -972,6 +1143,10 @@
 {
 "value": "Created",
 "description": "Trigger on created objects"
+ },
+ {
+ "value": "Updated",
+ "description": "Trigger on updated objects"
 }
 ]
 }
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
index d593b2e66bbf..7be69ba0fa83 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
@@ -28,6 +28,24 @@
 "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
 ]
 }
+ },
+ {
+ "conditionType": "PropertyChanged",
+ "conditionProperties": {
+ "propertyName": "IncidentStatus",
+ "changeType": "ChangedFrom",
+ "operator": "Equals",
+ "propertyValues": [
+ "Closed"
+ ]
+ }
+ },
+ {
+ "conditionType": "PropertyArrayChanged",
+ "conditionProperties": {
+ "arrayType": "Alerts",
+ "changeType": "Added"
+ }
 }
 ]
 },
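Review bot: The example in `AutomationRules_CreateOrUpdate.json` (hunk `@@ -28,6 +28,24 @@`) now carries `PropertyChanged` and `PropertyArrayChanged` conditions, but the hunk does not show the rule's `triggersWhen` value; if it is still `Created`, the only value that existed before this commit, the example pairs change conditions with a creation trigger, where there is presumably no previous value to compare against. Setting `"triggersWhen": "Updated"` in the example bodies would make them a usable template for rule authors. The same applies to the `@@ -82,6 +100,24 @@` and `@@ -135,6 +171,24 @@` hunks of this file and to the `AutomationRules_Get.json` and `AutomationRules_List.json` hunks. The enclosing `triggeringLogic` object starts outside each hunk.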
@@ -82,6 +100,24 @@
 "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
 ]
 }
+ },
+ {
+ "conditionType": "PropertyChanged",
+ "conditionProperties": {
+ "propertyName": "IncidentStatus",
+ "changeType": "ChangedFrom",
+ "operator": "Equals",
+ "propertyValues": [
+ "Closed"
+ ]
+ }
+ },
+ {
+ "conditionType": "PropertyArrayChanged",
+ "conditionProperties": {
+ "arrayType": "Alerts",
+ "changeType": "Added"
+ }
 }
 ]
 },
@@ -135,6 +171,24 @@
 "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
 ]
 }
+ },
+ {
+ "conditionType": "PropertyChanged",
+ "conditionProperties": {
+ "propertyName": "IncidentStatus",
+ "changeType": "ChangedFrom",
+ "operator": "Equals",
+ "propertyValues": [
+ "Closed"
+ ]
+ }
+ },
+ {
+ "conditionType": "PropertyArrayChanged",
+ "conditionProperties": {
+ "arrayType": "Alerts",
+ "changeType": "Added"
+ }
 }
 ]
 },
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Get.json
index 4fc569f60c8a..c62a6acd6a6b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_Get.json
@@ -31,6 +31,24 @@
 "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
 ]
 }
+ },
+ {
+ "conditionType": "PropertyChanged",
+ "conditionProperties": {
+ "propertyName": "IncidentStatus",
+ "changeType": "ChangedFrom",
+ "operator": "Equals",
+ "propertyValues": [
+ "Closed"
+ ]
+ }
+ },
+ {
+ "conditionType": "PropertyArrayChanged",
+ "conditionProperties": {
+ "arrayType": "Alerts",
+ "changeType": "Added"
+ }
 }
 ]
 },
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_List.json
index ed162621c9f2..9d3fc8c9c30e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_List.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/automationRules/AutomationRules_List.json
@@ -32,6 +32,24 @@
 "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
 ]
 }
+ },
+ {
+ "conditionType": "PropertyChanged",
+ "conditionProperties": {
+ "propertyName": "IncidentStatus",
+ "changeType": "ChangedFrom",
+ "operator": "Equals",
+ "propertyValues": [
+ "Closed"
+ ]
+ }
+ },
+ {
+ "conditionType": "PropertyArrayChanged",
+ "conditionProperties": {
+ "arrayType": "Alerts",
+ "changeType": "Added"
+ }
 }
 ]
 },
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
similarity index 100%
rename from specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json
rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json