Dev sentinel 2021 10 01 preview #17314

Merged
Expand Up @@ -39,7 +39,7 @@
}
},
"AttackTactic": {
"description": "The severity for alerts created by this alert rule.",
"description": "A list of relevant mitre attacks.",
igalshapira marked this conversation as resolved.
"enum": [
"InitialAccess",
"Execution",
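Review bot: The corrected description `"A list of relevant mitre attacks."` still does not match the definition it sits on: `AttackTactic` is an enum whose value is a single tactic, and the "list" is the separate `tactics` array property that references it via `$ref`. Describing a scalar as a list will surface verbatim in generated SDK docs, so the wording should name the scalar, e.g. `"description": "A MITRE ATT&CK tactic."`. The `enum` body continues past the end of this hunk, so the full value set is not visible here.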
Expand Up @@ -580,7 +580,7 @@
"description": "List all the bookmarks.",
"properties": {
"nextLink": {
"description": "URL to fetch the next set of cases.",
"description": "URL to fetch the next set of bookmarks.",
"readOnly": true,
"type": "string"
},
Expand Down Expand Up @@ -662,6 +662,25 @@
"$ref": "./common/IncidentTypes.json#/definitions/IncidentInfo",
"description": "Describes an incident that relates to bookmark",
"type": "object"
},
"entityMappings": {
"$ref": "#/definitions/EntityMappingsList",
"description": "Describes the entity mappings of the bookmark",
"type": "object"
},
"tactics": {
"items": {
"$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
},
"description": "A list of relevant mitre attacks",
"type": "array"
},
"techniques": {
"items": {
"$ref": "#/definitions/AttackTechnique"
},
"description": "A list of relevant mitre techniques",
"type": "array"
}
},
"required": [
Expand All @@ -683,6 +702,48 @@
}
},
"type": "object"
},
"EntityMappingsList": {
"description": "Describes the entity mappings of the bookmark",
"items": {
"$ref": "#/definitions/BookmarkEntityMappings"
},
"type": "array"
},
"BookmarkEntityMappings": {
"description": "Describes the entity mappings of a single entity",
"properties": {
"entityType": {
"description": "The entity type",
"type": "string"
},
"fieldMappings": {
"description": "Array of fields mapping for that entity type",
"items": {
"$ref": "#/definitions/EntityFieldMapping"
},
"type": "array"
}
},
"type": "object"
},
"EntityFieldMapping": {
"description": "Map identifiers of a single entity",
"properties": {
"identifier": {
"description": "Alert V3 identifier",
"type": "string"
},
"value": {
"description": "The value of the identifier",
"type": "string"
}
},
"type": "object"
},
"AttackTechnique": {
"description": "Mitre technique (https://attack.mitre.org/matrices/enterprise/)",
"type": "string"
}
}
}
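Review bot: The new `entityMappings` property in the bookmark definition carries `"type": "object"` next to `"$ref": "#/definitions/EntityMappingsList"`, while `EntityMappingsList` is itself declared `"type": "array"`; the two are contradictory. Swagger 2.0 / draft-04 validators ignore siblings of `$ref`, so this passes today, but tooling that evaluates `$ref` siblings (OpenAPI 3.1, JSON Schema 2019-09+) would make the property unsatisfiable, and the examples in this PR send an array — drop the `"type": "object"` line from `entityMappings` (or make it `"type": "array"` to match the target). The new `AttackTechnique` definition is an unconstrained string even though the examples use ATT&CK IDs like `T1609`; adding a `"pattern"` such as `"^T\\d{4}(\\.\\d{3})?$"` (constructed example) would reject malformed technique IDs at the API boundary instead of storing free text. `entityType` and `identifier` in the new `BookmarkEntityMappings` / `EntityFieldMapping` definitions are likewise free-form; if the shared common definitions already hold an entity-type enum, referencing it would be tighter, but I cannot confirm that from this page.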
Expand Up @@ -23,7 +23,24 @@
"Tag2"
],
"query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)",
"queryResult": "Security Event query result"
"queryResult": "Security Event query result",
"tactics": [
"Execution"
],
"techniques": [
"T1609"
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Fullname",
"value": "[email protected]"
}
]
}
]
}
}
},
Expand Down Expand Up @@ -54,7 +71,24 @@
"Tag2"
],
"query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)",
"queryResult": "Security Event query result"
"queryResult": "Security Event query result",
"tactics": [
"Execution"
],
"techniques": [
"T1609"
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Fullname",
"value": "[email protected]"
}
]
}
]
}
}
},
Expand Down Expand Up @@ -84,7 +118,24 @@
"Tag2"
],
"query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)",
"queryResult": "Security Event query result"
"queryResult": "Security Event query result",
"tactics": [
"Execution"
],
"techniques": [
"T1609"
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Fullname",
"value": "[email protected]"
}
]
}
]
}
}
}
Expand Up @@ -39,7 +39,24 @@
"severity": "Low",
"title": "New case 1",
"relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"
}
},
"tactics": [
"Execution"
],
"techniques": [
"T1609"
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Fullname",
"value": "[email protected]"
}
]
}
]
}
}
}
Expand Up @@ -40,7 +40,24 @@
"severity": "Low",
"title": "New case 1",
"relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"
}
},
"tactics": [
"Execution"
],
"techniques": [
"T1609"
],
"entityMappings": [
{
"entityType": "Account",
"fieldMappings": [
{
"identifier": "Fullname",
"value": "[email protected]"
}
]
}
]
}
}
]