From efa7b6851a23542b1d11ab4d2e15ed453aedb56b Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Sun, 9 Jan 2022 14:23:35 +0200
Subject: [PATCH 01/29] h
---
 .../preview/2021-10-01-preview/AutomationRules.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index c54286e1d45b..a2a1df7e3e86 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -89,7 +89,7 @@
 "tags": [
 "Automation Rules"
 ],
- "description": "Gets the automation rule.",
+ "description": "Gets the automation rule",
 "operationId": "AutomationRules_Get",
 "parameters": [
 {
From 15a5288de6a5cd082897a22c9f1f60c799e8adc4 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Wed, 12 Jan 2022 12:42:58 +0200
Subject: [PATCH 02/29] first
---
 .../2021-10-01-preview/AutomationRules.json | 1114 ++++++++++-------
 1 file changed, 641 insertions(+), 473 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index a2a1df7e3e86..1243c3101377 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -3,49 +3,18 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2021-10-01-preview" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } + "version": "2021-10-01-preview", + "x-ms-code-generation-settings": { + "name": "SecurityInsightsClient" } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules/{automationRuleResourceName}": { "get": { - "x-ms-examples": { - "Get all automation rules.": { - "$ref": "./examples/automationRules/GetAllAutomationRules.json" - } - }, - "tags": [ - "Automation Rules" - ], - "description": "Gets all automation rules.", - "operationId": "AutomationRules_List", + "tags": ["AutomationRules"], + "description": "Gets the automation rule.", + "operationId": "AutomationRules_Get", + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" 
@@ -58,13 +27,20 @@ }, { "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "automationRuleResourceName", + "description": "Automation rule ID", + "required": true, + "type": "string" } ], "responses": { "200": { - "description": "OK", + "description": "Ok", "schema": { - "$ref": "#/definitions/AutomationRulesList" + "$ref": "#/definitions/AutomationRule" } }, "default": { @@ -74,23 +50,18 @@ } } }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { - "get": { "x-ms-examples": { - "Get an automation rule.": { - "$ref": "./examples/automationRules/GetAutomationRule.json" + "AutomationRules_Get": { + "$ref": "./examples/AutomationRules/AutomationRules_Get.json" } - }, - "tags": [ - "Automation Rules" - ], - "description": "Gets the automation rule", - "operationId": "AutomationRules_Get", + } + }, + "put": { + "tags": ["AutomationRules"], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_CreateOrUpdate", + "consumes": ["application/json"], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" 
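Review bot: The inline `automationRuleResourceName` path parameter added to the Get operation here is copied again into the Put and Delete operations (hunks `@@ -105,12 +76,30 @@` and `@@ -121,19 +110,65 @@`), and the Delete copy has no `description`. Declaring it once under the top-level `parameters` section with `"x-ms-parameter-location": "method"` and referencing it as `{ "$ref": "#/parameters/AutomationRuleResourceName" }` would keep the three operations in step. As written, the `parameters` section re-added at the end of the file still declares `AutomationRuleId` under the old name `automationRuleId`, which none of the visible paths reference any more. The rename also happens inside the existing `2021-10-01-preview` version, so generated client signatures change without a version bump.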
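Review bot: The example reference added here, `"$ref": "./examples/AutomationRules/AutomationRules_Get.json"`, uses a capitalised `AutomationRules` directory, while [PATCH 03/29] creates the example files under `examples/automationRules/`. On a case-sensitive filesystem that reference would not resolve and example validation would fail; the Put, Delete and List references in the later hunks use the same spelling. Either point the references at `./examples/automationRules/...` or move the files. A later patch in the series may already do this.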
@@ -105,12 +76,30 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/AutomationRuleId" + "in": "path", + "name": "automationRuleResourceName", + "description": "Automation rule ID", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "automationRuleToUpsert", + "description": "The automation rule", + "schema": { + "$ref": "#/definitions/AutomationRule" + } } ], "responses": { "200": { - "description": "OK", + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Created", "schema": { "$ref": "#/definitions/AutomationRule" } 
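Review bot: The inline body parameter `automationRuleToUpsert` is declared without `"required": true`, so under this spec a PUT with no body is valid and generated clients will treat the rule as optional. The shared `AutomationRule` body parameter that the previous Put operation referenced marks the body as required. Add `"required": true` to the inline parameter or go back to `{ "$ref": "#/parameters/AutomationRule" }`. The Put operation starts in the previous hunk and ends in the next one.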
@@ -121,19 +110,65 @@ "$ref": "../../../common/2.0/types.json#/definitions/CloudError" } } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/AutomationRules/AutomationRules_CreateOrUpdate.json" + } } }, - "put": { - "x-ms-examples": { - "Creates or updates an automation rule.": { - "$ref": "./examples/automationRules/CreateAutomationRule.json" + "delete": { + "tags": ["AutomationRules"], + "description": "Delete the automation rule.", + "operationId": "AutomationRules_Delete", + "produces": ["application/json"], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "automationRuleResourceName", + "required": true, + "type": "string" } - }, - "tags": [ - "Automation Rules" ], - "description": "Creates or updates the automation rule.", - "operationId": "AutomationRules_CreateOrUpdate", + "responses": { + "200": { + "description": "Ok" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/AutomationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules": { + "get": { + "tags": ["AutomationRules"], + "description": "Gets all automation rules.", + "operationId": "AutomationRules_List", 
+ "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -148,23 +183,23 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/AutomationRuleId" + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" }, { - "$ref": "#/parameters/AutomationRule" + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" } ], "responses": { "200": { - "description": "OK", + "description": "Ok", "schema": { - "$ref": "#/definitions/AutomationRule" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AutomationRule" + "$ref": "#/definitions/AutomationRulesList" } }, "default": { 
@@ -173,19 +208,24 @@ "$ref": "../../../common/2.0/types.json#/definitions/CloudError" } } - } - }, - "delete": { + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, "x-ms-examples": { - "Delete an automation rule.": { - "$ref": "./examples/automationRules/DeleteAutomationRule.json" + "AutomationRules_List": { + "$ref": "./examples/AutomationRules/AutomationRules_List.json" } - }, - "tags": [ - "Automation Rule" - ], - "description": "Delete the automation rule.", - "operationId": "AutomationRules_Delete", + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/Incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "tags": ["ManualTrigger"], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_ManualTriggerPlaybook", + "consumes": ["application/json"], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -200,13 +240,20 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/AutomationRuleId" + "in": "path", + "name": "incidentIdentifier", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } } ], "responses": { - "200": { - "description": "OK" - }, "204": { "description": "No Content" }, 
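Review bot: The new `runPlaybook` POST operation carries the description `"Creates or updates the automation rule."`, copied from the Put operation, although its path and `operationId` say it runs a playbook against an incident. A description such as `"description": "Triggers a playbook manually on the specified incident."` would match. The operation is also tagged `ManualTrigger`, which the top-level `tags` array added at the end of the file does not declare. The operation continues in the next hunk.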
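Review bot: The `requestBody` parameter of the run-playbook operation is not marked `"required": true`, and the `ManualTriggerRequestBody` schema added later in this patch lists no `required` properties, so the contract accepts a request that names neither a playbook nor a tenant. Because `tenantId` and `logicAppsResourceId` appear to select which Logic App is run against the incident, mark the body required and add `"required": ["tenantId", "logicAppsResourceId"]` to the schema. The property is also spelled `logicAppsResourceId` here but `logicAppResourceId` in `PlaybookActionProperties`, which should be reconciled. The `incidentIdentifier` path parameter has no `description`.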
@@ -216,277 +263,178 @@ "$ref": "../../../common/2.0/types.json#/definitions/CloudError" } } + }, + "x-ms-examples": { + "AutomationRules_ManualTriggerPlaybook": { + "$ref": "./examples/ManualTrigger/AutomationRules_ManualTriggerPlaybook.json" + } } } } }, - "parameters": { - "AutomationRule": { - "description": "The automation rule", - "in": "body", - "name": "automationRule", - "required": true, - "schema": { - "$ref": "#/definitions/AutomationRule" - }, - "x-ms-parameter-location": "method" - }, - "AutomationRuleId": { - "description": "Automation rule ID", - "in": "path", - "name": "automationRuleId", - "required": true, - "type": "string", - "x-ms-parameter-location": "method" - } - }, "definitions": { + "ActionType": { + "description": "The type of the automation rule action", + "enum": ["ModifyProperties", "RunPlaybook"], + "type": "string", + "example": "ModifyProperties", + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "value": "ModifyProperties" + }, + { + "value": "RunPlaybook" + } + ] + } + }, "AutomationRule": { + "required": ["properties"], + "type": "object", "allOf": [ { "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" } ], - "description": "Represents an automation rule.", "properties": { "properties": { + "type": "object", "$ref": "#/definitions/AutomationRuleProperties", - "description": "Automation rule properties", "x-ms-client-flatten": true } - }, - "type": "object" + } }, "AutomationRuleAction": { "description": "Describes an automation rule action", - "discriminator": "actionType", + "required": ["actionType", "order"], + "type": "object", "properties": { "order": { - "description": "The order of execution of the automation rule action", - "type": "integer", - "format": "int32" + "format": "int32", + "type": "integer" }, "actionType": { - "description": "The type of the automation rule action", - "enum": [ - "ModifyProperties", - "RunPlaybook" - ], - "type": "string", - 
"x-ms-enum": { - "modelAsString": true, - "name": "AutomationRuleActionType", - "values": [ - { - "description": "Modify an object's properties", - "value": "ModifyProperties" - }, - { - "description": "Run a playbook on an object", - "value": "RunPlaybook" - } - ] - } + "$ref": "#/definitions/ActionType" } }, - "required": [ - "order", - "actionType" - ], - "type": "object" + "discriminator": "actionType" }, "AutomationRuleCondition": { "description": "Describes an automation rule condition", - "discriminator": "conditionType", + "required": ["conditionType"], + "type": "object", "properties": { "conditionType": { - "description": "The type of the automation rule condition", - "enum": [ - "Property" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AutomationRuleConditionType", - "values": [ - { - "description": "Evaluate an object property value", - "value": "Property" - } - ] - } + "$ref": "#/definitions/ConditionType" } }, - "required": [ - "conditionType" + "discriminator": "conditionType" + }, + "AutomationRuleModifyPropertiesAction": { + "description": "Describes an automation rule action to modify an object's properties", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } ], - "type": "object" + "properties": { + "actionConfiguration": { + "type": "object", + "x-ms-client-flatten": true, + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "x-ms-discriminator-value": "ModifyProperties" }, "AutomationRuleProperties": { - "description": "Describes automation rule properties", + "description": "Automation rule properties", + "required": ["actions", "displayName", "order", "triggeringLogic"], + "type": "object", "properties": { "displayName": { - "description": "The display name of the automation rule", + "description": "The display name of the automation rule", "type": "string" }, "order": { + "format": "int32", "description": "The order of execution of the automation rule", - "type": 
"integer", - "format": "int32" + "type": "integer" }, "triggeringLogic": { - "$ref": "#/definitions/AutomationRuleTriggeringLogic", - "description": "The triggering logic of the automation rule", - "type": "object" + "$ref": "#/definitions/AutomationRuleTriggeringLogic" }, "actions": { "description": "The actions to execute when the automation rule is triggered", + "type": "array", "items": { "$ref": "#/definitions/AutomationRuleAction" - }, - "type": "array" + } }, - "createdTimeUtc": { - "description": "The time the automation rule was created", + "lastModifiedTimeUtc": { "format": "date-time", - "readOnly": true, + "description": "The last time the automation rule was updated", "type": "string" }, - "lastModifiedTimeUtc": { - "description": "The last time the automation rule was updated", + "createdTimeUtc": { "format": "date-time", - "readOnly": true, + "description": "The time the automation rule was created", "type": "string" }, - "createdBy": { - "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo", - "description": "Describes the client that created the automation rule", - "readOnly": true, - "type": "object" - }, "lastModifiedBy": { - "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo", - "description": "Describes the client that last updated the automation rule", - "readOnly": true, - "type": "object" - } - }, - "required": [ - "displayName", - "order", - "triggeringLogic", - "actions" - ], - "type": "object" - }, - "AutomationRulesList": { - "description": "List all the automation rules.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of automation rules.", - "readOnly": true, - "type": "string" + "$ref": "#/definitions/ClientInfo" }, - "value": { - "description": "Array of automation rules.", - "items": { - "$ref": "#/definitions/AutomationRule" - }, - "type": "array" + "createdBy": { + "$ref": "#/definitions/ClientInfo" } - }, - "required": [ - "value" - ], - "type": "object" + } }, - 
"AutomationRuleRunPlaybookAction": { - "description": "Describes an automation rule action to run a playbook", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleAction" - } + "AutomationRulePropertyConditionSupportedOperator": { + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" ], - "properties": { - "actionConfiguration": { - "description": "The configuration of the run playbook automation rule action", - "properties": { - "logicAppResourceId": { - "description": "The resource id of the playbook resource", - "type": "string" - }, - "tenantId": { - "description": "The tenant id of the playbook resource", - "type": "string" - } + "type": "string", + "example": "Equals", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "Equals" }, - "type": "object" - } - }, - "required": [ - "actionConfiguration" - ], - "x-ms-client-flatten": true, - "type": "object", - "x-ms-discriminator-value": "RunPlaybook" - }, - "AutomationRuleModifyPropertiesAction": { - "description": "Describes an automation rule action to modify an object's properties", - "allOf": [ - { - "$ref": "#/definitions/AutomationRuleAction" - } - ], - "properties": { - "actionConfiguration": { - "description": "The configuration of the modify properties automation rule action", - "properties": { - "classification": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum", - "description": "The reason the incident was closed", - "type": "string" - }, - "classificationComment": { - "description": "Describes the reason the incident was closed", - "type": "string" - }, - "classificationReason": { - "description": "The classification reason the incident was closed with", - "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum", - "type": "string" - }, - "labels": { - "description": "List of 
labels to add to the incident", - "items": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" - }, - "type": "array" - }, - "owner": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo", - "description": "Describes a user that the incident is assigned to", - "type": "object" - }, - "severity": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum", - "description": "The severity of the incident", - "type": "string" - }, - "status": { - "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum", - "description": "The status of the incident", - "type": "string" - } + { + "value": "NotEquals" }, - "type": "object" - } - }, - "required": [ - "actionConfiguration" - ], - "x-ms-client-flatten": true, - "type": "object", - "x-ms-discriminator-value": "ModifyProperties" + { + "value": "Contains" + }, + { + "value": "NotContains" + }, + { + "value": "StartsWith" + }, + { + "value": "NotStartsWith" + }, + { + "value": "EndsWith" + }, + { + "value": "NotEndsWith" + } + ] + } }, "AutomationRulePropertyConditionSupportedProperty": { "description": "The property to evaluate in an automation rule property condition", @@ -495,9 +443,11 @@ "IncidentDescription", "IncidentSeverity", "IncidentStatus", - "IncidentTactics", "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", "IncidentProviderName", + "IncidentOwner", "AccountAadTenantId", "AccountAadUserId", "AccountName", @@ -506,6 +456,7 @@ "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", + "AlertProductNames", "AzureResourceResourceId", "AzureResourceSubscriptionId", "CloudApplicationAppId", 
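Review bot: In `AutomationRuleProperties`, `createdTimeUtc`, `lastModifiedTimeUtc`, `createdBy` and `lastModifiedBy` lose `"readOnly": true` in this hunk, so the spec now presents the rule's audit fields as client-settable on PUT. Generated SDKs will expose them as writable and the contract no longer states that the service owns these values, so `"readOnly": true` should be restored on all four. `createdBy` and `lastModifiedBy` also switch from `../../../common/2.0/types.json#/definitions/ClientInfo` to a local `#/definitions/ClientInfo` added later in the patch, which duplicates a shared type. The `description` strings removed from `order`, `actionType` and the enum values were the only documentation of those fields and are worth keeping.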
@@ -545,367 +496,584 @@ "Url" ], "type": "string", + "example": "IncidentTitle", "x-ms-enum": { - "modelAsString": true, "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, "values": [ { - "description": "The title of the incident", "value": "IncidentTitle" }, { - "description": "The description of the incident", "value": "IncidentDescription" }, { - "description": "The severity of the incident", "value": "IncidentSeverity" }, { - "description": "The status of the incident", "value": "IncidentStatus" }, { - "description": "The tactics of the incident", + "value": "IncidentRelatedAnalyticRuleIds" + }, + { "value": "IncidentTactics" }, { - "description": "The related Analytic rule ids of the incident", - "value": "IncidentRelatedAnalyticRuleIds" + "value": "IncidentLabel" }, { - "description": "The provider name of the incident", "value": "IncidentProviderName" }, { - "description": "The account Azure Active Directory tenant id", + "value": "IncidentOwner" + }, + { "value": "AccountAadTenantId" }, { - "description": "The account Azure Active Directory user id.", "value": "AccountAadUserId" }, { - "description": "The account name", "value": "AccountName" }, { - "description": "The account NetBIOS domain name", "value": "AccountNTDomain" }, { - "description": "The account Azure Active Directory Passport User ID", "value": "AccountPUID" }, { - "description": "The account security identifier", "value": "AccountSid" }, { - "description": "The account unique identifier", "value": "AccountObjectGuid" }, { - "description": "The account user principal name suffix", "value": "AccountUPNSuffix" }, { - "description": "The Azure resource id", + "value": "AlertProductNames" + }, + { "value": "AzureResourceResourceId" }, { - "description": "The Azure resource subscription id", "value": "AzureResourceSubscriptionId" }, { - "description": "The cloud application identifier", "value": "CloudApplicationAppId" }, { - "description": "The cloud application 
name", "value": "CloudApplicationAppName" }, { - "description": "The dns record domain name", "value": "DNSDomainName" }, { - "description": "The file directory full path", "value": "FileDirectory" }, { - "description": "The file name without path", "value": "FileName" }, { - "description": "The file hash value", "value": "FileHashValue" }, { - "description": "The host Azure resource id", "value": "HostAzureID" }, { - "description": "The host name without domain", "value": "HostName" }, { - "description": "The host NetBIOS name", "value": "HostNetBiosName" }, { - "description": "The host NT domain", "value": "HostNTDomain" }, { - "description": "The host operating system", "value": "HostOSVersion" }, { - "description": "The IoT device id", "value": "IoTDeviceId" }, { - "description": "The IoT device name", "value": "IoTDeviceName" }, { - "description": "The IoT device type", "value": "IoTDeviceType" }, { - "description": "The IoT device vendor", "value": "IoTDeviceVendor" }, { - "description": "The IoT device model", "value": "IoTDeviceModel" }, { - "description": "The IoT device operating system", "value": "IoTDeviceOperatingSystem" }, { - "description": "The IP address", "value": "IPAddress" }, { - "description": "The mailbox display name", "value": "MailboxDisplayName" }, { - "description": "The mailbox primary address", "value": "MailboxPrimaryAddress" }, { - "description": "The mailbox user principal name", "value": "MailboxUPN" }, { - "description": "The mail message delivery action", "value": "MailMessageDeliveryAction" }, { - "description": "The mail message delivery location", "value": "MailMessageDeliveryLocation" }, { - "description": "The mail message recipient", "value": "MailMessageRecipient" }, { - "description": "The mail message sender IP address", "value": "MailMessageSenderIP" }, { - "description": "The mail message subject", "value": "MailMessageSubject" }, { - "description": "The mail message P1 sender", "value": "MailMessageP1Sender" }, { - 
"description": "The mail message P2 sender", "value": "MailMessageP2Sender" }, { - "description": "The malware category", "value": "MalwareCategory" }, { - "description": "The malware name", "value": "MalwareName" }, { - "description": "The process execution command line", "value": "ProcessCommandLine" }, { - "description": "The process id", "value": "ProcessId" }, { - "description": "The registry key path", "value": "RegistryKey" }, { - "description": "The registry key value in string formatted representation", "value": "RegistryValueData" }, { - "description": "The url", "value": "Url" } ] } }, "AutomationRulePropertyValuesCondition": { - "description": "Describes an automation rule condition that evaluates a property's value", + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "description": "Describes an automation rule action to run a playbook", + "type": "object", "allOf": [ { - "$ref": "#/definitions/AutomationRuleCondition" + "$ref": "#/definitions/AutomationRuleAction" } ], "properties": { - "conditionProperties": { - "description": "The configuration of the automation rule condition", - "properties": { - "propertyName": { - "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty", - "description": "The property to evaluate" - }, - "operator": { - "description": "The operator to use for evaluation the condition", - "enum": [ - "Equals", - "NotEquals", - "Contains", - "NotContains", - "StartsWith", - "NotStartsWith", - "EndsWith", - "NotEndsWith" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "AutomationRulePropertyConditionSupportedOperator", - "values": [ - { - "description": "Evaluates if the property 
equals at least one of the condition values", - "value": "Equals" - }, - { - "description": "Evaluates if the property does not equal any of the condition values", - "value": "NotEquals" - }, - { - "description": "Evaluates if the property contains at least one of the condition values", - "value": "Contains" - }, - { - "description": "Evaluates if the property does not contain any of the condition values", - "value": "NotContains" - }, - { - "description": "Evaluates if the property starts with any of the condition values", - "value": "StartsWith" - }, - { - "description": "Evaluates if the property does not start with any of the condition values", - "value": "NotStartsWith" - }, - { - "description": "Evaluates if the property ends with any of the condition values", - "value": "EndsWith" - }, - { - "description": "Evaluates if the property does not end with any of the condition values", - "value": "NotEndsWith" - } - ] - } - }, - "propertyValues": { - "description": "The values to use for evaluating the condition", - "items": { - "description": "A value to use for evaluating the condition", - "type": "string" - }, - "type": "array" - } - }, - "type": "object" + "actionConfiguration": { + "type": "object", + "x-ms-client-flatten": true, + "$ref": "#/definitions/PlaybookActionProperties" } }, - "required": [ - "conditionProperties" - ], - "x-ms-client-flatten": true, + "x-ms-discriminator-value": "RunPlaybook" + }, + "AutomationRulesList": { "type": "object", - "x-ms-discriminator-value": "Property" + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string" + } + } }, "AutomationRuleTriggeringLogic": { "description": "Describes automation rule triggering logic", + "required": ["isEnabled", "triggersOn", "triggersWhen"], + "type": "object", "properties": { "isEnabled": { - "description": "Determines whether the automation rule is enabled or disabled.", + "description": "Determines 
whether the automation rule is enabled or disabled", "type": "boolean" }, "expirationTimeUtc": { - "description": "Determines when the automation rule should automatically expire and be disabled.", "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled.", "type": "string" }, "triggersOn": { - "description": "The type of object the automation rule triggers on", - "enum": [ - "Incidents" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "TriggersOn", - "values": [ - { - "description": "Trigger on Incidents", - "value": "Incidents" - } - ] - } + "$ref": "#/definitions/triggersOn" }, "triggersWhen": { - "description": "The type of event the automation rule triggers on", - "enum": [ - "Created" - ], - "type": "string", - "x-ms-enum": { - "modelAsString": true, - "name": "TriggersWhen", - "values": [ - { - "description": "Trigger on created objects", - "value": "Created" - } - ] - } + "$ref": "#/definitions/triggersWhen" }, "conditions": { "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object", + "type": "array", "items": { "$ref": "#/definitions/AutomationRuleCondition" + } + } + } + }, + "ClientInfo": { + "type": "object", + "properties": { + "objectId": { + "type": "string" + }, + "email": { + "type": "string" + }, + "name": { + "type": "string" + }, + "userPrincipalName": { + "type": "string" + } + } + }, + "ConditionType": { + "enum": ["Property"], + "type": "string", + "example": "Property", + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "value": "Property" + } + ] + } + }, + "IncidentClassification": { + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "example": "Undetermined", + "x-ms-enum": { + "name": "IncidentClassification", + "modelAsString": true, + "values": [ + { + "value": "Undetermined" + }, + { + 
"value": "TruePositive" + }, + { + "value": "BenignPositive" + }, + { + "value": "FalsePositive" + } + ] + } + }, + "IncidentClassificationReason": { + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "example": "SuspiciousActivity", + "x-ms-enum": { + "name": "IncidentClassificationReason", + "modelAsString": true, + "values": [ + { + "value": "SuspiciousActivity" + }, + { + "value": "SuspiciousButExpected" + }, + { + "value": "IncorrectAlertLogic" + }, + { + "value": "InaccurateData" + } + ] + } + }, + "IncidentLabelType": { + "enum": ["User", "AutoAssigned"], + "type": "string", + "example": "User", + "x-ms-enum": { + "name": "IncidentLabelType", + "modelAsString": true, + "values": [ + { + "value": "User" + }, + { + "value": "AutoAssigned" + } + ] + } + }, + "IncidentOwnerType": { + "enum": ["Unknown", "User", "Group"], + "type": "string", + "example": "Unknown", + "x-ms-enum": { + "name": "IncidentOwnerType", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "User" + }, + { + "value": "Group" + } + ] + } + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "#/definitions/IncidentSeverity" + }, + "status": { + "$ref": "#/definitions/IncidentStatus" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "owner": { + "$ref": "#/definitions/IncidentPropertiesActionOwnerInfo" + }, + "labels": { + "description": "List of labels to add to the incident", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentPropertiesActionLabelProperties" + } + } + } + }, + "IncidentPropertiesActionLabelProperties": { + "type": "object", + "properties": { + "labelName": { + "type": 
"string" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType" + } + } + }, + "IncidentPropertiesActionOwnerInfo": { + "type": "object", + "properties": { + "objectId": { + "type": "string" + }, + "email": { + "type": "string" + }, + "assignedTo": { + "type": "string" + }, + "userPrincipalName": { + "type": "string" + }, + "ownerType": { + "$ref": "#/definitions/IncidentOwnerType" + } + } + }, + "IncidentSeverity": { + "enum": ["Informational", "Low", "Medium", "High"], + "type": "string", + "example": "Informational", + "x-ms-enum": { + "name": "IncidentSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "IncidentStatus": { + "enum": ["New", "Active", "Closed"], + "type": "string", + "example": "New", + "x-ms-enum": { + "name": "IncidentStatus", + "modelAsString": true, + "values": [ + { + "value": "New" + }, + { + "value": "Active" }, - "type": "array" + { + "value": "Closed" + } + ] + } + }, + "ManualTriggerRequestBody": { + "type": "object", + "properties": { + "tenantId": { + "format": "uuid", + "type": "string" + }, + "logicAppsResourceId": { + "type": "string" + } + } + }, + "PlaybookActionProperties": { + "type": "object", + "properties": { + "logicAppResourceId": { + "description": "The resource id of the playbook resource", + "type": "string" + }, + "tenantId": { + "format": "uuid", + "description": "The tenant id of the playbook resource", + "type": "string" } + } + }, + "triggersOn": { + "enum": ["Incidents"], + "type": "string", + "example": "Incidents", + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "value": "Incidents" + } + ] + } + }, + "triggersWhen": { + "enum": ["Created"], + "type": "string", + "example": "Created", + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "value": "Created" + } + ] + } + } + }, + "parameters": { + 
"AutomationRule": { + "name": "automationRule", + "description": "The automation rule", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "AutomationRuleId": { + "in": "path", + "name": "automationRuleId", + "description": "Automation rule ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" }, - "required": [ - "isEnabled", - "triggersOn", - "triggersWhen" - ], - "type": "object" + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": ["user_impersonation"] + } + ], + "tags": [ + { + "name": "AutomationRules", + "description": "Controller that handles requests forwarded from ASI RP for automation rules CRUD ARM APIs." } - } -} + ], + "host": "management.azure.com", + "schemes": ["https"], + "produces": ["application/json"], + "consumes": ["application/json"] +} \ No newline at end of file From 5628f8bf33b8052b80fdf315c44c102e1a22032f Mon Sep 17 00:00:00 2001 
From: Roy Reinhorn Date: Wed, 12 Jan 2022 13:14:37 +0200 Subject: [PATCH 03/29] examples --- .../AutomationRules_CreateOrUpdate.json | 118 ++++++++++++ .../AutomationRules_Delete.json | 19 ++ ...ionRules.json => AutomationRules_Get.json} | 52 +++--- .../automationRules/AutomationRules_List.json | 72 +++++++ .../automationRules/CreateAutomationRule.json | 175 ------------------ .../automationRules/DeleteAutomationRule.json | 13 -- .../automationRules/GetAutomationRule.json | 75 -------- ...AutomationRules_ManualTriggerPlaybook.json | 21 +++ 8 files changed, 257 insertions(+), 288 deletions(-) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json rename specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/{GetAllAutomationRules.json => AutomationRules_Get.json} (75%) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/CreateAutomationRule.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/DeleteAutomationRule.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAutomationRule.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..ba3047555ec8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
@@ -0,0 +1,118 @@
+{
+ "parameters": {
+ "parameters": {
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "$top": 1
+ },
+ "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "automationRule": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/automationRules",
+ "properties": {
+ "displayName": "High severity incidents escalation",
+ "order": 1,
+ "triggeringLogic": {
+ "isEnabled": true,
+ "triggersOn": "Incidents",
+ "triggersWhen": "Created",
+ "conditions": [
+ {
+ "conditionType": "Property",
+ "conditionProperties": {
+ "PropertyName": "IncidentRelatedAnalyticRuleIds",
+ "Operator": "Contains",
+ "propertyValues": [
+ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
+ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
+ ]
+ }
+ }
+ ]
+ },
+ "actions": [
+ {
+ "order": 1,
+ "actionType": "ModifyProperties",
+ "actionConfiguration": {
+ "severity": "High"
+ }
+ }
+ ],
+ "lastModifiedTimeUtc": "2019-01-01T13:00:30",
+ "createdTimeUtc": "2019-01-01T13:00:00",
+ "lastModifiedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john.doe@contoso.com",
+ "name": "john doe",
+ "userPrincipalName": "john@contoso.com"
+ },
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john.doe@contoso.com",
+ "name": "john doe",
+ "userPrincipalName": "john@contoso.com"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/automationRules",
+ "properties": {
+ "displayName": "High severity incidents escalation",
+ "order": 1,
+ "triggeringLogic": {
+ "isEnabled": true,
+ "triggersOn": "Incidents",
+ "triggersWhen": "Created",
+ "conditions": [
+ {
+ "conditionType": "Property",
+ "conditionProperties": {
+ "PropertyName": "IncidentRelatedAnalyticRuleIds",
+ "Operator": "Contains",
+ "propertyValues": [
+ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
+ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
+ ]
+ }
+ }
+ ]
+ },
+ "actions": [
+ {
+ "order": 1,
+ "actionType": "ModifyProperties",
+ "actionConfiguration": {
+ "severity": "High"
+ }
+ }
+ ],
+ "lastModifiedTimeUtc": "2019-01-01T13:00:30",
+ "createdTimeUtc": "2019-01-01T13:00:00",
+ "lastModifiedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john.doe@contoso.com",
+ "name": "john doe",
+ "userPrincipalName": "john@contoso.com"
+ },
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john.doe@contoso.com",
+ "name": "john doe",
+ "userPrincipalName": "john@contoso.com"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json
new file mode 100644
index 000000000000..317ffd5eba05
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json
@@ -0,0 +1,19 @@
+{
+ "parameters": {
+ "parameters": {
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "$top": 1
+ },
+ "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "200": {}
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAllAutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json
similarity index 75%
rename from specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAllAutomationRules.json
rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json
index 9349bdd4b51e..1c98e094be9b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAllAutomationRules.json
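Review bot: The request values in the new AutomationRules_CreateOrUpdate.json sit under a second `"parameters"` object and there is no `api-version` entry, so a validator that matches example keys to the operation's declared parameters will presumably not find `subscriptionId`, `resourceGroupName` or `workspaceName`. The examples this commit deletes kept those keys, together with `"api-version": "2021-10-01-preview"`, directly under the top-level `parameters`. I would flatten the object, restore the `api-version` line, and drop `"$top": 1` and `operationalInsightsResourceProvider`, neither of which appears among the parameter definitions visible in this series. The same wrapper is repeated in the Delete, Get, List and ManualTriggerPlaybook examples added by this commit.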
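Review bot: The only response in AutomationRules_Delete.json is `"200": { "body": { "200": {} } }`, which repeats the status code inside the body, and the `"204": {}` entry that the deleted DeleteAutomationRule.json carried is gone. If the delete operation still declares both codes (its responses block is not in this hunk), the example should read `"responses": { "200": {}, "204": {} }`. The Get, List and ManualTriggerPlaybook examples nest the status code under `body` in the same way.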
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -1,37 +1,25 @@ { "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "$top": 1 + "parameters": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "$top": 1 + } }, "responses": { "200": { "body": { - "value": [ + "200": [ { "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/automationRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", "properties": { - "order": 1, "displayName": "High severity incidents escalation", - "createdTimeUtc": "2021-09-01T13:00:30Z", - "lastModifiedTimeUtc": "2021-09-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, + "order": 1, "triggeringLogic": { "isEnabled": true, "triggersOn": "Incidents", 
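Review bot: AutomationRules_Get.json still has the shape of the list example it was renamed from: the parameters carry no rule identifier, `"$top": 1` remains, and the 200 body becomes an array under a `"200"` key. The AutomationRules_Get path shown elsewhere in this series ends in `{automationRuleResourceName}`, so the example should name one rule, e.g. `"automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"` as the CreateOrUpdate example does, and return that rule as a single object in `body`. The only rule-id parameter definition visible in the spec is named `automationRuleId`, which differs from the path placeholder, so the name is worth settling before the example is fixed. The example's body continues in the following hunks.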
@@ -40,8 +28,8 @@ { "conditionType": "Property", "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" @@ -58,7 +46,21 @@ "severity": "High" } } - ] + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30", + "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } } } ] diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..3e80936084b8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
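Review bot: In `conditionProperties` the keys become `PropertyName` and `Operator` while `propertyValues` next to them stays camelCase, so one object now mixes two conventions. The condition schema is not part of this hunk, so I cannot tell which spelling it declares, but the example should follow it exactly; if it is camelCase, keep `"propertyName": "IncidentRelatedAnalyticRuleIds"` and `"operator": "Contains"`. The CreateOrUpdate and List examples added in this commit use the same PascalCase keys.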
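Review bot: The added `lastModifiedTimeUtc` and `createdTimeUtc` values have no zone designator (`"2019-01-01T13:00:30"`), whereas the values removed in the first hunk of this file ended in `Z`. These fields, with `createdBy` and `lastModifiedBy`, are what a responder lines up against other logs to see who changed a rule and when, so the example should show an unambiguous UTC form: `"lastModifiedTimeUtc": "2019-01-01T13:00:30Z"` and `"createdTimeUtc": "2019-01-01T13:00:00Z"`. The CreateOrUpdate and List examples carry the same values.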
@@ -0,0 +1,72 @@ +{ + "parameters": { + "parameters": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "$top": 1 + } + }, + "responses": { + "200": { + "body": { + "200": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30", + "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + 
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/CreateAutomationRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/CreateAutomationRule.json deleted file mode 100644 index 48eb720b4caa..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/CreateAutomationRule.json +++ /dev/null 
@@ -1,175 +0,0 @@ -{ - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "automationRule": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": 
"\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2021-09-01T13:00:30Z", - "lastModifiedTimeUtc": "2021-09-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - }, - "201": { - "body": { - "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2021-09-01T13:00:30Z", - "lastModifiedTimeUtc": "2021-09-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - } - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/DeleteAutomationRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/DeleteAutomationRule.json deleted file mode 100644 index dcac90840b79..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/DeleteAutomationRule.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAutomationRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAutomationRule.json deleted file mode 100644 index be4951133e80..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/GetAutomationRule.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2021-09-01T13:00:30Z", - "lastModifiedTimeUtc": "2021-09-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentTitle", - "operator": "Contains", - "propertyValues": [ - "logon failure" - ] - } - }, - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "HostName", - "operator": "Equals", - "propertyValues": [ - "TestVM" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "status": "Closed", - "classification": "BenignPositive", - "classificationReason": "SuspiciousButExpected" - } - } - ] - } - } - } - } -} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json
new file mode 100644
index 000000000000..1a9e6531d64f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json
@@ -0,0 +1,21 @@
+{
+ "parameters": {
+ "parameters": {
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "manualTriggerRequestBody": {
+ "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name",
+ "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd"
+ }
+ }
+ },
+ "responses": {
+ "204": {
+ "body": {
+ "204": {}
+ }
+ }
+ }
+}
From 2cee5444314adfde81b9ced14fbb70753d0f45e4 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Wed, 12 Jan 2022 14:26:07 +0200
Subject: [PATCH 04/29] prettier
---
 .../2021-10-01-preview/AutomationRules.json | 133 ++++++++++++++----
 1 file changed, 103 insertions(+), 30 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index 1243c3101377..c9516c83d348 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
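Review bot: The `tenantId` in this example, `"qwere6b2-9ac0-4464-9919-dccaee2e4ddd"`, contains non-hexadecimal characters, but `ManualTriggerRequestBody.tenantId` is declared with `"format": "uuid"` in the spec added earlier in this series. The value presumably names the tenant of the playbook being run, as the description on `PlaybookActionProperties.tenantId` says for rule actions, so the example should show a well-formed one, e.g. `"tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc"` (the value the deleted CreateAutomationRule.json used). The example also has no value for the `{incidentIdentifier}` segment of the runPlaybook path, and its 204 response carries a `body`; `"204": {}` is enough.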
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -11,10 +11,14 @@ "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules/{automationRuleResourceName}": { "get": { - "tags": ["AutomationRules"], + "tags": [ + "AutomationRules" + ], "description": "Gets the automation rule.", "operationId": "AutomationRules_Get", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -57,11 +61,17 @@ } }, "put": { - "tags": ["AutomationRules"], + "tags": [ + "AutomationRules" + ], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_CreateOrUpdate", - "consumes": ["application/json"], - "produces": ["application/json"], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -118,10 +128,14 @@ } }, "delete": { - "tags": ["AutomationRules"], + "tags": [ + "AutomationRules" + ], "description": "Delete the automation rule.", "operationId": "AutomationRules_Delete", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" 
@@ -165,10 +179,14 @@ }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules": { "get": { - "tags": ["AutomationRules"], + "tags": [ + "AutomationRules" + ], "description": "Gets all automation rules.", "operationId": "AutomationRules_List", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -221,11 +239,17 @@ }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/Incidents/{incidentIdentifier}/runPlaybook": { "post": { - "tags": ["ManualTrigger"], + "tags": [ + "ManualTrigger" + ], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_ManualTriggerPlaybook", - "consumes": ["application/json"], - "produces": ["application/json"], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -275,7 +299,10 @@ "definitions": { "ActionType": { "description": "The type of the automation rule action", - "enum": ["ModifyProperties", "RunPlaybook"], + "enum": [ + "ModifyProperties", + "RunPlaybook" + ], "type": "string", "example": "ModifyProperties", "x-ms-enum": { @@ -292,7 +319,9 @@ } }, "AutomationRule": { - "required": ["properties"], + "required": [ + "properties" + ], "type": "object", "allOf": [ { @@ -309,7 +338,10 @@ }, "AutomationRuleAction": { "description": "Describes an automation rule action", - "required": ["actionType", "order"], + "required": [ + "actionType", + "order" + ], "type": "object", "properties": { "order": { 
@@ -324,7 +356,9 @@ }, "AutomationRuleCondition": { "description": "Describes an automation rule condition", - "required": ["conditionType"], + "required": [ + "conditionType" + ], "type": "object", "properties": { "conditionType": { @@ -352,7 +386,12 @@ }, "AutomationRuleProperties": { "description": "Automation rule properties", - "required": ["actions", "displayName", "order", "triggeringLogic"], + "required": [ + "actions", + "displayName", + "order", + "triggeringLogic" + ], "type": "object", "properties": { "displayName": { @@ -719,7 +758,11 @@ }, "AutomationRuleTriggeringLogic": { "description": "Describes automation rule triggering logic", - "required": ["isEnabled", "triggersOn", "triggersWhen"], + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], "type": "object", "properties": { "isEnabled": { @@ -764,7 +807,9 @@ } }, "ConditionType": { - "enum": ["Property"], + "enum": [ + "Property" + ], "type": "string", "example": "Property", "x-ms-enum": { @@ -834,7 +879,10 @@ } }, "IncidentLabelType": { - "enum": ["User", "AutoAssigned"], + "enum": [ + "User", + "AutoAssigned" + ], "type": "string", "example": "User", "x-ms-enum": { @@ -851,7 +899,11 @@ } }, "IncidentOwnerType": { - "enum": ["Unknown", "User", "Group"], + "enum": [ + "Unknown", + "User", + "Group" + ], "type": "string", "example": "Unknown", "x-ms-enum": { @@ -933,7 +985,12 @@ } }, "IncidentSeverity": { - "enum": ["Informational", "Low", "Medium", "High"], + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], "type": "string", "example": "Informational", "x-ms-enum": { @@ -956,7 +1013,11 @@ } }, "IncidentStatus": { - "enum": ["New", "Active", "Closed"], + "enum": [ + "New", + "Active", + "Closed" + ], "type": "string", "example": "New", "x-ms-enum": { @@ -1002,7 +1063,9 @@ } }, "triggersOn": { - "enum": ["Incidents"], + "enum": [ + "Incidents" + ], "type": "string", "example": "Incidents", "x-ms-enum": { 
@@ -1016,7 +1079,9 @@ } }, "triggersWhen": { - "enum": ["Created"], + "enum": [ + "Created" + ], "type": "string", "example": "Created", "x-ms-enum": { @@ -1063,7 +1128,9 @@ }, "security": [ { - "azure_auth": ["user_impersonation"] + "azure_auth": [ + "user_impersonation" + ] } ], "tags": [ @@ -1073,7 +1140,13 @@ } ], "host": "management.azure.com", - "schemes": ["https"], - "produces": ["application/json"], - "consumes": ["application/json"] -} \ No newline at end of file + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} From 4be2c9c5d2bd187abc0366dc08c26e0cfc68132e Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Wed, 12 Jan 2022 15:28:04 +0200 Subject: [PATCH 05/29] path --- .../preview/2021-10-01-preview/AutomationRules.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index c9516c83d348..fd5946a441c9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -56,7 +56,7 @@ }, "x-ms-examples": { "AutomationRules_Get": { - "$ref": "./examples/AutomationRules/AutomationRules_Get.json" + "$ref": "./examples/automationRules/AutomationRules_Get.json" } } }, @@ -123,7 +123,7 @@ }, "x-ms-examples": { "AutomationRules_CreateOrUpdate": { - "$ref": "./examples/AutomationRules/AutomationRules_CreateOrUpdate.json" + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" } } }, 
@@ -172,7 +172,7 @@ }, "x-ms-examples": { "AutomationRules_Delete": { - "$ref": "./examples/AutomationRules/AutomationRules_Delete.json" + "$ref": "./examples/automationRules/AutomationRules_Delete.json" } } } @@ -232,7 +232,7 @@ }, "x-ms-examples": { "AutomationRules_List": { - "$ref": "./examples/AutomationRules/AutomationRules_List.json" + "$ref": "./examples/automationRules/AutomationRules_List.json" } } } @@ -290,7 +290,7 @@ }, "x-ms-examples": { "AutomationRules_ManualTriggerPlaybook": { - "$ref": "./examples/ManualTrigger/AutomationRules_ManualTriggerPlaybook.json" + "$ref": "./examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json" } } } From 7dd0237619805b6055a0e9c124ecbeb7b406ae13 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Wed, 12 Jan 2022 18:06:23 +0200 Subject: [PATCH 06/29] fixes --- .../2021-10-01-preview/AutomationRules.json | 154 ++++++------------ .../AutomationRules_CreateOrUpdate.json | 1 + .../AutomationRules_Delete.json | 5 +- .../automationRules/AutomationRules_Get.json | 5 +- .../automationRules/AutomationRules_List.json | 1 + ...AutomationRules_ManualTriggerPlaybook.json | 1 + 6 files changed, 57 insertions(+), 110 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index fd5946a441c9..c91ce20973c6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json 
@@ -9,16 +9,12 @@ } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules/{automationRuleResourceName}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleResourceName}": { "get": { - "tags": [ - "AutomationRules" - ], + "tags": ["automationRules"], "description": "Gets the automation rule.", "operationId": "AutomationRules_Get", - "produces": [ - "application/json" - ], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -61,17 +57,11 @@ } }, "put": { - "tags": [ - "AutomationRules" - ], + "tags": ["automationRules"], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_CreateOrUpdate", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "consumes": ["application/json"], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -128,14 +118,10 @@ } }, "delete": { - "tags": [ - "AutomationRules" - ], + "tags": ["automationRules"], "description": "Delete the automation rule.", "operationId": "AutomationRules_Delete", - "produces": [ - "application/json" - ], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" 
@@ -177,16 +163,12 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/AutomationRules": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { "get": { - "tags": [ - "AutomationRules" - ], + "tags": ["automationRules"], "description": "Gets all automation rules.", "operationId": "AutomationRules_List", - "produces": [ - "application/json" - ], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -237,19 +219,13 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/Incidents/{incidentIdentifier}/runPlaybook": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { "post": { - "tags": [ - "ManualTrigger" - ], + "tags": ["manualTrigger"], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_ManualTriggerPlaybook", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], + "consumes": ["application/json"], + "produces": ["application/json"], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -299,10 +275,7 @@ "definitions": { "ActionType": { "description": "The type of the automation rule action", - "enum": [ - "ModifyProperties", - "RunPlaybook" - ], + "enum": ["ModifyProperties", "RunPlaybook"], "type": "string", "example": "ModifyProperties", "x-ms-enum": { 
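Review bot: The `post` operation on `.../incidents/{incidentIdentifier}/runPlaybook` (hunk `@@ -237,19 +219,13 @@`) still carries `"description": "Creates or updates the automation rule."`. That is the text of `AutomationRules_CreateOrUpdate`, not of `AutomationRules_ManualTriggerPlaybook`. Judging by the path and operationId this call runs a playbook against an incident, so generated SDK docs, and anyone deciding from the spec which roles may call it, will read the wrong action. Something like `"description": "Triggers a playbook on the specified incident."` would match; the operation's parameters and responses continue outside the hunk.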
@@ -319,9 +292,7 @@ } }, "AutomationRule": { - "required": [ - "properties" - ], + "required": ["properties"], "type": "object", "allOf": [ { @@ -338,10 +309,7 @@ }, "AutomationRuleAction": { "description": "Describes an automation rule action", - "required": [ - "actionType", - "order" - ], + "required": ["actionType", "order"], "type": "object", "properties": { "order": { @@ -356,9 +324,7 @@ }, "AutomationRuleCondition": { "description": "Describes an automation rule condition", - "required": [ - "conditionType" - ], + "required": ["conditionType"], "type": "object", "properties": { "conditionType": { @@ -386,12 +352,7 @@ }, "AutomationRuleProperties": { "description": "Automation rule properties", - "required": [ - "actions", - "displayName", - "order", - "triggeringLogic" - ], + "required": ["actions", "displayName", "order", "triggeringLogic"], "type": "object", "properties": { "displayName": { @@ -758,11 +719,7 @@ }, "AutomationRuleTriggeringLogic": { "description": "Describes automation rule triggering logic", - "required": [ - "isEnabled", - "triggersOn", - "triggersWhen" - ], + "required": ["isEnabled", "triggersOn", "triggersWhen"], "type": "object", "properties": { "isEnabled": { @@ -807,9 +764,7 @@ } }, "ConditionType": { - "enum": [ - "Property" - ], + "enum": ["Property"], "type": "string", "example": "Property", "x-ms-enum": { @@ -879,10 +834,7 @@ } }, "IncidentLabelType": { - "enum": [ - "User", - "AutoAssigned" - ], + "enum": ["User", "AutoAssigned"], "type": "string", "example": "User", "x-ms-enum": { @@ -899,11 +851,7 @@ } }, "IncidentOwnerType": { - "enum": [ - "Unknown", - "User", - "Group" - ], + "enum": ["Unknown", "User", "Group"], "type": "string", "example": "Unknown", "x-ms-enum": { @@ -985,12 +933,7 @@ } }, "IncidentSeverity": { - "enum": [ - "Informational", - "Low", - "Medium", - "High" - ], + "enum": ["Informational", "Low", "Medium", "High"], "type": "string", "example": "Informational", "x-ms-enum": { 
@@ -1013,11 +956,7 @@ } }, "IncidentStatus": { - "enum": [ - "New", - "Active", - "Closed" - ], + "enum": ["New", "Active", "Closed"], "type": "string", "example": "New", "x-ms-enum": { @@ -1062,10 +1001,25 @@ } } }, - "triggersOn": { - "enum": [ - "Incidents" + "PropertyConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } ], + "properties": { + "conditionProperties": { + "type": "object", + "x-ms-client-flatten": true, + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "x-ms-discriminator-value": "Property" + }, + "triggersOn": { + "enum": ["Incidents"], "type": "string", "example": "Incidents", "x-ms-enum": { @@ -1079,9 +1033,7 @@ } }, "triggersWhen": { - "enum": [ - "Created" - ], + "enum": ["Created"], "type": "string", "example": "Created", "x-ms-enum": { @@ -1128,9 +1080,7 @@ }, "security": [ { - "azure_auth": [ - "user_impersonation" - ] + "azure_auth": ["user_impersonation"] } ], "tags": [ @@ -1140,13 +1090,7 @@ } ], "host": "management.azure.com", - "schemes": [ - "https" - ], - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ] + "schemes": ["https"], + "produces": ["application/json"], + "consumes": ["application/json"] } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index ba3047555ec8..c393d9b45a34 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
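Review bot: The new `PropertyConditionProperties` definition (hunk `@@ -1062,10 +1001,25 @@`) sets `"x-ms-discriminator-value": "Property"`, but none of the visible `AutomationRuleCondition` context lines shows the base type declaring `"discriminator": "conditionType"`. If that line is missing, the subtype mapping presumably has no effect, so please confirm it is present. The `conditionProperties` property also has no `description`, and its `"type": "object"` is redundant beside the `$ref`. I would drop the `type` line and add `"description": "The property, operator and values the condition evaluates"`.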
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,6 +1,7 @@ { "parameters": { "parameters": { + "api-version": "2021-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json index 317ffd5eba05..95c3b3b48823 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -1,6 +1,7 @@ { "parameters": { "parameters": { + "api-version": "2021-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -11,9 +12,7 @@ }, "responses": { "200": { - "body": { - "200": {} - } + "body": {} } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 1c98e094be9b..0742b334c9ad 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -1,6 +1,7 @@ { "parameters": { "parameters": { + "api-version": "2021-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -11,7 +12,7 @@ "responses": { "200": { "body": { - "200": [ + "value": [ { "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", @@ -67,4 +68,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index 3e80936084b8..e424178bce6b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -5,6 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "api-version": "2021-10-01-preview", "$top": 1 } }, 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json index 1a9e6531d64f..baa7762b345a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json @@ -5,6 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "api-version": "2021-10-01-preview", "manualTriggerRequestBody": { "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" From 9c4a3232315505a12c39830ac29aa7c882563540 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Wed, 12 Jan 2022 18:14:17 +0200 Subject: [PATCH 07/29] prettier --- .../2021-10-01-preview/AutomationRules.json | 131 ++++++++++++++---- .../automationRules/AutomationRules_Get.json | 2 +- 2 files changed, 103 insertions(+), 30 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index c91ce20973c6..c90860ea7d1c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json 
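Review bot: The `tenantId` kept in this example, `"qwere6b2-9ac0-4464-9919-dccaee2e4ddd"`, is not a well-formed GUID, since `q`, `w` and `r` are not hex digits. The request-body schema is outside this hunk, but if the field is validated as a UUID the sample will fail model validation. A placeholder such as `"tenantId": "00000000-0000-0000-0000-000000000000"` (constructed value) keeps the example usable as-is. The example object continues past the end of the hunk.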
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -11,10 +11,14 @@ "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleResourceName}": { "get": { - "tags": ["automationRules"], + "tags": [ + "automationRules" + ], "description": "Gets the automation rule.", "operationId": "AutomationRules_Get", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -57,11 +61,17 @@ } }, "put": { - "tags": ["automationRules"], + "tags": [ + "automationRules" + ], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_CreateOrUpdate", - "consumes": ["application/json"], - "produces": ["application/json"], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -118,10 +128,14 @@ } }, "delete": { - "tags": ["automationRules"], + "tags": [ + "automationRules" + ], "description": "Delete the automation rule.", "operationId": "AutomationRules_Delete", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" 
@@ -165,10 +179,14 @@ }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { "get": { - "tags": ["automationRules"], + "tags": [ + "automationRules" + ], "description": "Gets all automation rules.", "operationId": "AutomationRules_List", - "produces": ["application/json"], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -221,11 +239,17 @@ }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { "post": { - "tags": ["manualTrigger"], + "tags": [ + "manualTrigger" + ], "description": "Creates or updates the automation rule.", "operationId": "AutomationRules_ManualTriggerPlaybook", - "consumes": ["application/json"], - "produces": ["application/json"], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "parameters": [ { "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" @@ -275,7 +299,10 @@ "definitions": { "ActionType": { "description": "The type of the automation rule action", - "enum": ["ModifyProperties", "RunPlaybook"], + "enum": [ + "ModifyProperties", + "RunPlaybook" + ], "type": "string", "example": "ModifyProperties", "x-ms-enum": { @@ -292,7 +319,9 @@ } }, "AutomationRule": { - "required": ["properties"], + "required": [ + "properties" + ], "type": "object", "allOf": [ { @@ -309,7 +338,10 @@ }, "AutomationRuleAction": { "description": "Describes an automation rule action", - "required": ["actionType", "order"], + "required": [ + "actionType", + "order" + ], "type": "object", "properties": { "order": { 
@@ -324,7 +356,9 @@ }, "AutomationRuleCondition": { "description": "Describes an automation rule condition", - "required": ["conditionType"], + "required": [ + "conditionType" + ], "type": "object", "properties": { "conditionType": { @@ -352,7 +386,12 @@ }, "AutomationRuleProperties": { "description": "Automation rule properties", - "required": ["actions", "displayName", "order", "triggeringLogic"], + "required": [ + "actions", + "displayName", + "order", + "triggeringLogic" + ], "type": "object", "properties": { "displayName": { @@ -719,7 +758,11 @@ }, "AutomationRuleTriggeringLogic": { "description": "Describes automation rule triggering logic", - "required": ["isEnabled", "triggersOn", "triggersWhen"], + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], "type": "object", "properties": { "isEnabled": { @@ -764,7 +807,9 @@ } }, "ConditionType": { - "enum": ["Property"], + "enum": [ + "Property" + ], "type": "string", "example": "Property", "x-ms-enum": { @@ -834,7 +879,10 @@ } }, "IncidentLabelType": { - "enum": ["User", "AutoAssigned"], + "enum": [ + "User", + "AutoAssigned" + ], "type": "string", "example": "User", "x-ms-enum": { @@ -851,7 +899,11 @@ } }, "IncidentOwnerType": { - "enum": ["Unknown", "User", "Group"], + "enum": [ + "Unknown", + "User", + "Group" + ], "type": "string", "example": "Unknown", "x-ms-enum": { @@ -933,7 +985,12 @@ } }, "IncidentSeverity": { - "enum": ["Informational", "Low", "Medium", "High"], + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], "type": "string", "example": "Informational", "x-ms-enum": { @@ -956,7 +1013,11 @@ } }, "IncidentStatus": { - "enum": ["New", "Active", "Closed"], + "enum": [ + "New", + "Active", + "Closed" + ], "type": "string", "example": "New", "x-ms-enum": { @@ -1019,7 +1080,9 @@ "x-ms-discriminator-value": "Property" }, "triggersOn": { - "enum": ["Incidents"], + "enum": [ + "Incidents" + ], "type": "string", "example": "Incidents", "x-ms-enum": { 
@@ -1033,7 +1096,9 @@ } }, "triggersWhen": { - "enum": ["Created"], + "enum": [ + "Created" + ], "type": "string", "example": "Created", "x-ms-enum": { @@ -1080,7 +1145,9 @@ }, "security": [ { - "azure_auth": ["user_impersonation"] + "azure_auth": [ + "user_impersonation" + ] } ], "tags": [ @@ -1090,7 +1157,13 @@ } ], "host": "management.azure.com", - "schemes": ["https"], - "produces": ["application/json"], - "consumes": ["application/json"] + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 0742b334c9ad..5359a15981e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -68,4 +68,4 @@ } } } -} \ No newline at end of file +} From 1269bbf76a17a241ba003c2da457f049caa52db3 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Wed, 12 Jan 2022 18:49:01 +0200 Subject: [PATCH 08/29] examples --- .../AutomationRules_CreateOrUpdate.json | 13 +-- .../AutomationRules_Delete.json | 13 +-- .../automationRules/AutomationRules_Get.json | 109 +++++++++--------- .../automationRules/AutomationRules_List.json | 109 +++++++++--------- ...AutomationRules_ManualTriggerPlaybook.json | 20 ++-- 5 files changed, 121 insertions(+), 143 deletions(-) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index c393d9b45a34..ca1d0c818653 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,13 +1,10 @@ { "parameters": { - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$top": 1 - }, + "api-version": "2021-10-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$top": 1, "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "automationRule": { "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json index 95c3b3b48823..dbc1306d0ecd 100644 
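Review bot: The flattened example parameters in this hunk do not line up with the operation they illustrate: `"$top": 1` is a paging option sent on a `put`, and the rule is passed as `automationRuleId` while the path template earlier in this series names the segment `{automationRuleResourceName}`. The Delete and Get example hunks that follow repeat this; Get has no rule identifier at all, and its 200 `body` becomes a JSON array although `AutomationRules_Get` is described as returning one rule. The parameter declarations are outside these hunks, so the exact name should be confirmed. I would expect `"automationRuleResourceName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"` in place of `automationRuleId`, no `$top` outside the List example, and the Get body as the bare rule object. Examples that do not validate against the operation tend to be copied into client code and tests unchanged.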
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -1,13 +1,10 @@ { "parameters": { - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$top": 1 - }, + "api-version": "2021-10-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$top": 1, "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 5359a15981e2..716c5daa25d2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json 
@@ -1,71 +1,66 @@ { "parameters": { - "parameters": { - "api-version": "2021-10-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$top": 1 - } + "api-version": "2021-10-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$top": 1 }, "responses": { "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/automationRules", - "properties": { - "displayName": "High severity incidents escalation", - "order": 1, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ + "body": [ + { + "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] } } - ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" - }, - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30", + "createdTimeUtc": "2019-01-01T13:00:00", + 
"lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" } } - ] - } + } + ] } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index e424178bce6b..b073bc2532e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
@@ -1,72 +1,67 @@ { "parameters": { - "parameters": { - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "api-version": "2021-10-01-preview", - "$top": 1 - } + "api-version": "2021-10-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$top": 1 }, "responses": { "200": { "body": { - "200": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/automationRules", - "properties": { - "displayName": "High severity incidents escalation", - "order": 1, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ + "value": [ + { + "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] } } - ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" - }, - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30", + "createdTimeUtc": "2019-01-01T13:00:00", + 
"lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" } } - ] - } + } + ] } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json index baa7762b345a..ea4630b094e4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json 
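Review bot: In the new `conditionProperties` object the keys `PropertyName` and `Operator` are PascalCase while their sibling `propertyValues` is camelCase. The schema for this object is not part of the hunk, so this is inferred, but JSON property names are case-sensitive and a strict example validator or a generated client treats `PropertyName` and `propertyName` as two different properties. If the definition uses camelCase, the example should read `"propertyName": "IncidentRelatedAnalyticRuleIds"` and `"operator": "Contains"`. The same keys appear in the 201 body added to AutomationRules_CreateOrUpdate.json in PATCH 11 and in the later rewrite of this List example in PATCH 13.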
@@ -1,22 +1,16 @@ { "parameters": { - "parameters": { - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "api-version": "2021-10-01-preview", - "manualTriggerRequestBody": { - "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", - "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" - } + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" } }, "responses": { "204": { - "body": { - "204": {} - } + "body": {} } } } From 4437c30ea5119fcd301e31a841ce8d80363c5d36 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 08:53:15 +0200 Subject: [PATCH 09/29] Z --- .../automationRules/AutomationRules_CreateOrUpdate.json | 4 ++-- .../examples/automationRules/AutomationRules_Get.json | 4 ++-- .../examples/automationRules/AutomationRules_List.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index ca1d0c818653..1f7cdcf43ab9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
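Review bot: The flattened `parameters` object no longer carries `"api-version": "2021-10-01-preview"`, which the removed wrapper had and which the List example in the same commit keeps. Without it the example does not name the API version the request is made against, so the line should be restored next to `subscriptionId`. The `tenantId` sample `qwere6b2-9ac0-4464-9919-dccaee2e4ddd` is also not a hexadecimal GUID (it contains `q`, `w` and `r`); if the request body schema, which is not visible here, declares a uuid format, the example will be rejected, and a constructed value such as `00000000-0000-0000-0000-000000000000` avoids that.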
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -41,8 +41,8 @@ } } ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", "lastModifiedBy": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john.doe@contoso.com", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 716c5daa25d2..2ea89bd68344 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -44,8 +44,8 @@ } } ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", "lastModifiedBy": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john.doe@contoso.com", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index b073bc2532e7..fe2a6c1c7090 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -45,8 +45,8 @@ } } ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", "lastModifiedBy": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john.doe@contoso.com", From d1b8d9e8ac6fc35ec5c5e388ebd40fa242d596a6 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 09:12:29 +0200 Subject: [PATCH 10/29] Z --- .../preview/2021-10-01-preview/AutomationRules.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index c90860ea7d1c..b85314507887 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -1166,4 +1166,4 @@ "consumes": [ "application/json" ] -} +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index 1f7cdcf43ab9..cf5ba5906974 100644 
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -95,8 +95,8 @@ } } ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30", - "createdTimeUtc": "2019-01-01T13:00:00", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", "lastModifiedBy": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john.doe@contoso.com", From 995521c4bbd3f63f4642912d1733890c15f8ea13 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 09:19:01 +0200 Subject: [PATCH 11/29] responses --- .../AutomationRules_CreateOrUpdate.json | 53 +++++++++++++++++++ .../AutomationRules_Delete.json | 3 ++ 2 files changed, 56 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index cf5ba5906974..f6ff2c618bc9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
@@ -111,6 +111,59 @@ } } } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json index dbc1306d0ecd..20ada5504159 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -10,6 +10,9 @@ "responses": { "200": { "body": {} + }, + "204": { + "body": {} } } } From 9293b5480380d11d40151a7e2c60e9ab08211688 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 11:09:26 +0200 Subject: [PATCH 12/29] fix --- .../2021-10-01-preview/AutomationRules.json | 227 +++++++++++------- .../automationRules/AutomationRules_Get.json | 3 +- 2 files changed, 144 insertions(+), 86 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index b85314507887..af8969101c3a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json 
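Review bot: The added `204` entry in AutomationRules_Delete.json documents `"body": {}` for a No Content response. A 204 carries no payload, so the entry should be `"204": {}` with the `body` key left out; otherwise the example describes a response shape the service cannot return. The ManualTriggerPlaybook example has the same `"204": { "body": {} }` form and would take the same change.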
@@ -9,7 +9,7 @@ } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleResourceName}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { "get": { "tags": [ "automationRules" @@ -33,11 +33,7 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "in": "path", - "name": "automationRuleResourceName", - "description": "Automation rule ID", - "required": true, - "type": "string" + "$ref": "#/parameters/AutomationRuleId" } ], "responses": { @@ -86,11 +82,7 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "in": "path", - "name": "automationRuleResourceName", - "description": "Automation rule ID", - "required": true, - "type": "string" + "$ref": "#/parameters/AutomationRuleId" }, { "in": "body", @@ -150,10 +142,7 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "in": "path", - "name": "automationRuleResourceName", - "required": true, - "type": "string" + "$ref": "#/parameters/AutomationRuleId" } ], "responses": { @@ -279,7 +268,7 @@ ], "responses": { "204": { - "description": "No Content" + "description": "Success" }, "default": { "description": "Error response describing why the operation failed.", @@ -310,10 +299,12 @@ "modelAsString": true, "values": [ { - "value": "ModifyProperties" + "value": "ModifyProperties", + "description": "Modify an object's properties" }, { - "value": "RunPlaybook" + "value": "RunPlaybook", + "description": "Run a playbook on an object" } ] } 
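Review bot: The get, put and delete operations now point at `#/parameters/AutomationRuleId`, but none of the hunks shown for AutomationRules.json in this commit adds that entry to the top-level `parameters` section, so the reference resolves only if the definition is already in the file. It is worth confirming that the shared parameter keeps `"in": "path"`, `"required": true` and `"type": "string"` as the removed inline definitions had, and that it sets `"x-ms-parameter-location": "method"` so generated clients do not hoist it to a client property. Because the value is placed directly into the resource path, a `pattern` or length bound on it would be a reasonable addition.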
@@ -449,28 +440,36 @@ "modelAsString": true, "values": [ { - "value": "Equals" + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" }, { - "value": "NotEquals" + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" }, { - "value": "Contains" + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" }, { - "value": "NotContains" + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" }, { - "value": "StartsWith" + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" }, { - "value": "NotStartsWith" + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" }, { - "value": "EndsWith" + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" }, { - "value": "NotEndsWith" + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" } ] } 
@@ -541,169 +540,224 @@ "modelAsString": true, "values": [ { - "value": "IncidentTitle" + "value": "IncidentTitle", + "description": "The title of the incident" }, { - "value": "IncidentDescription" + "value": "IncidentDescription", + "description": "The description of the incident" }, { - "value": "IncidentSeverity" + "value": "IncidentSeverity", + "description": "The severity of the incident" }, { - "value": "IncidentStatus" + "value": "IncidentStatus", + "description": "The status of the incident" }, { - "value": "IncidentRelatedAnalyticRuleIds" + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" }, { - "value": "IncidentTactics" + "value": "IncidentTactics", + "description": "The tactics of the incident" }, { - "value": "IncidentLabel" + "value": "IncidentLabel", + "description": "The labels of the incident" }, { - "value": "IncidentProviderName" + "value": "IncidentProviderName", + "description": "The provider name of the incident" }, { - "value": "IncidentOwner" + "value": "IncidentOwner", + "description": "The owner of the incident" }, { - "value": "AccountAadTenantId" + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" }, { - "value": "AccountAadUserId" + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" }, { - "value": "AccountName" + "value": "AccountName", + "description": "The account name" }, { - "value": "AccountNTDomain" + "value": "AccountNTDomain", + "description": "The account NetBIOS domain name" }, { - "value": "AccountPUID" + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" }, { - "value": "AccountSid" + "value": "AccountSid", + "description": "The account security identifier" }, { - "value": "AccountObjectGuid" + "value": "AccountObjectGuid", + "description": "The account unique identifier" }, { - "value": "AccountUPNSuffix" + "value": "AccountUPNSuffix", + 
"description": "The account user principal name suffix" }, { - "value": "AlertProductNames" + "value": "AlertProductNames", + "description": "The name of the product of the alert" }, { - "value": "AzureResourceResourceId" + "value": "AzureResourceResourceId", + "description": "The Azure resource id" }, { - "value": "AzureResourceSubscriptionId" + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" }, { - "value": "CloudApplicationAppId" + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" }, { - "value": "CloudApplicationAppName" + "value": "CloudApplicationAppName", + "description": "The cloud application name" }, { - "value": "DNSDomainName" + "value": "DNSDomainName", + "description": "The dns record domain name" }, { - "value": "FileDirectory" + "value": "FileDirectory", + "description": "The file directory full path" }, { - "value": "FileName" + "value": "FileName", + "description": "The file name without path" }, { - "value": "FileHashValue" + "value": "FileHashValue", + "description": "The file hash value" }, { - "value": "HostAzureID" + "value": "HostAzureID", + "description": "The host Azure resource id" }, { - "value": "HostName" + "value": "HostName", + "description": "The host name without domain" }, { - "value": "HostNetBiosName" + "value": "HostNetBiosName", + "description": "The host NetBIOS name" }, { - "value": "HostNTDomain" + "value": "HostNTDomain", + "description": "The host NT domain" }, { - "value": "HostOSVersion" + "value": "HostOSVersion", + "description": "The host operating system" }, { - "value": "IoTDeviceId" + "value": "IoTDeviceId", + "description": "\"The IoT device id" }, { - "value": "IoTDeviceName" + "value": "IoTDeviceName", + "description": "The IoT device name" }, { - "value": "IoTDeviceType" + "value": "IoTDeviceType", + "description": "The IoT device type" }, { - "value": "IoTDeviceVendor" + "value": "IoTDeviceVendor", + "description": "The IoT 
device vendor" }, { - "value": "IoTDeviceModel" + "value": "IoTDeviceModel", + "description": "The IoT device model" }, { - "value": "IoTDeviceOperatingSystem" + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" }, { - "value": "IPAddress" + "value": "IPAddress", + "description": "The IP address" }, { - "value": "MailboxDisplayName" + "value": "MailboxDisplayName", + "description": "The mailbox display name" }, { - "value": "MailboxPrimaryAddress" + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" }, { - "value": "MailboxUPN" + "value": "MailboxUPN", + "description": "The mailbox user principal name" }, { - "value": "MailMessageDeliveryAction" + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" }, { - "value": "MailMessageDeliveryLocation" + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" }, { - "value": "MailMessageRecipient" + "value": "MailMessageRecipient", + "description": "The mail message recipient" }, { - "value": "MailMessageSenderIP" + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" }, { - "value": "MailMessageSubject" + "value": "MailMessageSubject", + "description": "The mail message subject" }, { - "value": "MailMessageP1Sender" + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" }, { - "value": "MailMessageP2Sender" + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" }, { - "value": "MalwareCategory" + "value": "MalwareCategory", + "description": "The malware category" }, { - "value": "MalwareName" + "value": "MalwareName", + "description": "The malware name" }, { - "value": "ProcessCommandLine" + "value": "ProcessCommandLine", + "description": "The process execution command line" }, { - "value": "ProcessId" + "value": "ProcessId", + "description": "The process id" }, { - "value": "RegistryKey" + "value": 
"RegistryKey", + "description": "The registry key path" }, { - "value": "RegistryValueData" + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" }, { - "value": "Url" + "value": "Url", + "description": "The url" } ] } @@ -817,7 +871,8 @@ "modelAsString": true, "values": [ { - "value": "Property" + "value": "Property", + "description": "Evaluate an object property value" } ] } @@ -1090,7 +1145,8 @@ "modelAsString": true, "values": [ { - "value": "Incidents" + "value": "Incidents", + "description": "Trigger on Incidents" } ] } @@ -1106,7 +1162,8 @@ "modelAsString": true, "values": [ { - "value": "Created" + "value": "Created", + "description": "Trigger on created objects" } ] } @@ -1166,4 +1223,4 @@ "consumes": [ "application/json" ] -} \ No newline at end of file +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 2ea89bd68344..03246dc5696d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -4,7 +4,8 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "$top": 1 + "$top": 1, + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { "200": { From 5acc680de725ee5ac29f81f002816feb0c4a8052 Mon Sep 17 00:00:00 2001 
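Review bot: The description added for `IoTDeviceId` is `"\"The IoT device id"`, which begins with a stray escaped quote that will show up verbatim in generated reference docs and SDK comments; it should read `"description": "The IoT device id"`. Two smaller wording points in the same list: `HostOSVersion` is described as "The host operating system" rather than its version, and `DNSDomainName` writes "dns" in lower case while the other entries capitalise acronyms.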
From: Roy Reinhorn Date: Thu, 13 Jan 2022 12:54:59 +0200 Subject: [PATCH 13/29] fixes --- .../2021-10-01-preview/AutomationRules.json | 15 ++- .../automationRules/AutomationRules_List.json | 92 +++++++++---------- ...AutomationRules_ManualTriggerPlaybook.json | 1 + 3 files changed, 58 insertions(+), 50 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index af8969101c3a..a9b2da034545 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -147,10 +147,16 @@ ], "responses": { "200": { - "description": "Ok" + "description": "Ok", + "schema": { + "type":"object" + } }, "204": { - "description": "No Content" + "description": "No Content", + "schema": { + "type":"object" + } }, "default": { "description": "Error response describing why the operation failed.", @@ -268,7 +274,10 @@ ], "responses": { "204": { - "description": "Success" + "description": "Success", + "schema": { + "type":"object" + } }, "default": { "description": "Error response describing why the operation failed.", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index fe2a6c1c7090..9d9c6040625c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
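Review bot: The new `"schema": { "type":"object" }` on the `204` responses in both hunks declares a JSON body for a status that has none. In an OpenAPI 2.0 document a response without `schema` already means no content, so the 204 entries should stay as a `description` only, and the examples that send `"body": {}` under `204` are the side to correct. If the delete operation's `200` also returns nothing, the same applies to the schema added there. An untyped `object` schema additionally tells client generators to expect and deserialize an arbitrary payload, which is looser than the contract needs.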
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
@@ -9,59 +9,57 @@ "responses": { "200": { "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/automationRules", - "properties": { - "displayName": "High severity incidents escalation", - "order": 1, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ + "value": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ { - "order": 1, - "actionType": "ModifyProperties", - 
"actionConfiguration": { - "severity": "High" + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] } } - ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdTimeUtc": "2019-01-01T13:00:00Z", - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" - }, - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" } } - ] + } } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json index ea4630b094e4..e865d77c0147 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json @@ -1,5 +1,6 @@ { "parameters": { + "api-version": "2021-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", From 2ea68ab4fb3f4be74b6b1861c72335795163234b Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 13:22:33 +0200 Subject: [PATCH 14/29] fix --- .../automationRules/AutomationRules_Get.json | 92 +++++++++---------- .../automationRules/AutomationRules_List.json | 92 ++++++++++--------- ...AutomationRules_ManualTriggerPlaybook.json | 1 + 3 files changed, 93 insertions(+), 92 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 03246dc5696d..5110d15f8cce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json 
@@ -9,59 +9,57 @@ }, "responses": { "200": { - "body": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/automationRules", - "properties": { - "displayName": "High severity incidents escalation", - "order": 1, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ { - "order": 1, - "actionType": "ModifyProperties", - 
"actionConfiguration": { - "severity": "High" + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] } } - ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdTimeUtc": "2019-01-01T13:00:00Z", - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" - }, - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" } } - ] + } } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index 9d9c6040625c..fe2a6c1c7090 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
@@ -9,57 +9,59 @@ "responses": { "200": { "body": { - "value": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/automationRules", - "properties": { - "displayName": "High severity incidents escalation", - "order": 1, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "High severity incidents escalation", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "PropertyName": "IncidentRelatedAnalyticRuleIds", + "Operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ { - "conditionType": "Property", - "conditionProperties": { - 
"PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" } } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" } - ], - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdTimeUtc": "2019-01-01T13:00:00Z", - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" - }, - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "name": "john doe", - "userPrincipalName": "john@contoso.com" } } - } + ] } } } 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json index e865d77c0147..c6a417834c45 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/manualTrigger/AutomationRules_ManualTriggerPlaybook.json @@ -4,6 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", "manualTriggerRequestBody": { "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" From d57269dd2ad4346caea705bdad68a7933489cc75 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Thu, 13 Jan 2022 13:25:25 +0200 Subject: [PATCH 15/29] prettier --- .../preview/2021-10-01-preview/AutomationRules.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index a9b2da034545..638b915c13b4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json 
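Review bot: The added example value `"incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4"` is not a well-formed GUID (`r` is not a hex digit), and the `tenantId` on the context lines below it has the same problem. If the parameter is declared with a uuid format, which this hunk does not show, example validation will reject it, and a caller who copies the sample will get a failure from the service. A constructed but well-formed value such as `"73e01a99-5cd7-4139-a149-9f2736ff2ab4"` avoids that.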
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -149,13 +149,13 @@ "200": { "description": "Ok", "schema": { - "type":"object" + "type": "object" } }, "204": { "description": "No Content", "schema": { - "type":"object" + "type": "object" } }, "default": { @@ -276,7 +276,7 @@ "204": { "description": "Success", "schema": { - "type":"object" + "type": "object" } }, "default": { From 59005e5e3665df9468431f6ef0283b53d36c41bd Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Sun, 16 Jan 2022 08:53:14 +0200 Subject: [PATCH 16/29] PR Fixes --- .../preview/2021-10-01-preview/AutomationRules.json | 9 ++++++--- .../AutomationRules_CreateOrUpdate.json | 12 ++++++------ .../automationRules/AutomationRules_Get.json | 4 ++-- .../automationRules/AutomationRules_List.json | 4 ++-- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index 638b915c13b4..8e0f6caf9313 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -416,12 +416,14 @@ "lastModifiedTimeUtc": { "format": "date-time", "description": "The last time the automation rule was updated", - "type": "string" + "type": "string", + "readOnly": true }, "createdTimeUtc": { "format": "date-time", "description": "The time the automation rule was created", - "type": "string" + "type": "string", + "readOnly": true }, "lastModifiedBy": { "$ref": "#/definitions/ClientInfo" 
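Review bot: `lastModifiedBy` and `createdBy`, on the context lines right after the two timestamps in the hunk at -416, stay writable while the timestamps next to them become `"readOnly": true`. These look like server-populated audit fields; if so, leaving them writable in the contract lets a request body claim who created or modified a rule, and generated SDKs will expose setters for them. Consider marking them read-only too, for example `"createdBy": { "readOnly": true, "allOf": [ { "$ref": "#/definitions/ClientInfo" } ] }`, and confirm the service ignores client-supplied values. The enclosing definition starts and ends outside the hunk.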
@@ -1013,7 +1015,8 @@ "type": "array", "items": { "$ref": "#/definitions/IncidentPropertiesActionLabelProperties" - } + }, + "x-ms-identifiers": ["labelName"] } } }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index f6ff2c618bc9..082a74745faf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -22,8 +22,8 @@ { "conditionType": "Property", "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" 
@@ -76,8 +76,8 @@ { "conditionType": "Property", "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" @@ -129,8 +129,8 @@ { "conditionType": "Property", "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 5110d15f8cce..5eebba4b23fc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -25,8 +25,8 @@ { "conditionType": "Property", "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index fe2a6c1c7090..ed7aa84ec5fd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json 
@@ -26,8 +26,8 @@ { "conditionType": "Property", "conditionProperties": { - "PropertyName": "IncidentRelatedAnalyticRuleIds", - "Operator": "Contains", + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", "propertyValues": [ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" From de7c2966029216308c13cd698061a86020370869 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Sun, 16 Jan 2022 09:52:42 +0200 Subject: [PATCH 17/29] PR Fixes --- .../preview/2021-10-01-preview/AutomationRules.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index 8e0f6caf9313..9c48bde1c95a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -1219,12 +1219,6 @@ ] } ], - "tags": [ - { - "name": "AutomationRules", - "description": "Controller that handles requests forwarded from ASI RP for automation rules CRUD ARM APIs." - } - ], "host": "management.azure.com", "schemes": [ "https" From ee14c685c93e87af2bf5877f67db6e1b5c3fbb85 Mon Sep 17 00:00:00 2001 
From: Roy Reinhorn Date: Sun, 16 Jan 2022 10:05:26 +0200 Subject: [PATCH 18/29] PR Fixes --- .../preview/2021-10-01-preview/AutomationRules.json | 12 ------------ .../AutomationRules_CreateOrUpdate.json | 1 - .../automationRules/AutomationRules_Delete.json | 1 - .../automationRules/AutomationRules_Get.json | 1 - .../automationRules/AutomationRules_List.json | 3 +-- 5 files changed, 1 insertion(+), 17 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index 9c48bde1c95a..39c56426efd8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -194,18 +194,6 @@ }, { "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" - }, - { - "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" - }, - { - "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" - }, - { - "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" - }, - { - "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" } ], "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index 082a74745faf..48911abd9d83 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -4,7 +4,6 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "$top": 1, "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "automationRule": { "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json index 20ada5504159..8fa82c1486f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -4,7 +4,6 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "$top": 1, "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json index 5eebba4b23fc..964891b64a52 100644 
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -4,7 +4,6 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "$top": 1, "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json index ed7aa84ec5fd..b51b48bbf628 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -3,8 +3,7 @@ "api-version": "2021-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "$top": 1 + "workspaceName": "myWorkspace" }, "responses": { "200": { From 7f781899b859f77191d2df9058df5bcb9d7d3ac5 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Mon, 17 Jan 2022 10:18:41 +0200 Subject: [PATCH 19/29] fix --- .../2021-10-01-preview/AutomationRules.json | 24 +++---------------- 1 file changed, 3 insertions(+), 21 deletions(-) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index 39c56426efd8..3852ced39784 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -414,10 +414,10 @@ "readOnly": true }, "lastModifiedBy": { - "$ref": "#/definitions/ClientInfo" + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" }, "createdBy": { - "$ref": "#/definitions/ClientInfo" + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" } } }, @@ -842,23 +842,6 @@ } } }, - "ClientInfo": { - "type": "object", - "properties": { - "objectId": { - "type": "string" - }, - "email": { - "type": "string" - }, - "name": { - "type": "string" - }, - "userPrincipalName": { - "type": "string" - } - } - }, "ConditionType": { "enum": [ "Property" @@ -1003,8 +986,7 @@ "type": "array", "items": { "$ref": "#/definitions/IncidentPropertiesActionLabelProperties" - }, - "x-ms-identifiers": ["labelName"] + } } } }, From d1c2c846c7b321abf46630e8c3278e1e38f28fe1 Mon Sep 17 00:00:00 2001 From: Roy Reinhorn Date: Mon, 17 Jan 2022 10:50:41 +0200 Subject: [PATCH 20/29] fix --- .../2021-10-01-preview/AutomationRules.json | 2 +- .../common/IncidentTypes.json | 45 ++++++++++--------- 2 files changed, 25 insertions(+), 22 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json index 3852ced39784..b964a1185f6b 100644 
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json @@ -997,7 +997,7 @@ "type": "string" }, "labelType": { - "$ref": "#/definitions/IncidentLabelType" + "$ref": "./common/IncidnetTypes.json#/definitions/IncidentLabelType" } } }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/common/IncidentTypes.json index 2f78e4e96b20..b7c350d0b110 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/common/IncidentTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/common/IncidentTypes.json @@ -78,27 +78,7 @@ "type": "string" }, "labelType": { - "description": "The type of the label", - "enum": [ - "User", - "System" - ], - "type": "string", - "readOnly": true, - "x-ms-enum": { - "modelAsString": true, - "name": "IncidentLabelType", - "values": [ - { - "description": "Label manually created by a user", - "value": "User" - }, - { - "description": "Label automatically created by the system", - "value": "System" - } - ] - } + "$ref": "#/definitions/IncidentLabelType" } }, "required": [ 
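Review bot: The new reference in the hunk at -997 points at `./common/IncidnetTypes.json`, which is misspelled; the file changed in the same commit is `common/IncidentTypes.json`, so this `$ref` will not resolve. It should read `"$ref": "./common/IncidentTypes.json#/definitions/IncidentLabelType"`. A reference-resolution step in the spec's validation would catch this kind of slip before merge.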
@@ -106,6 +86,29 @@
 ],
 "type": "object"
 },
+ "IncidentLabelType": {
+ "description": "The type of the label",
+ "enum": [
+ "User",
+ "System"
+ ],
+ "type": "string",
+ "readOnly": true,
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "IncidentLabelType",
+ "values": [
+ {
+ "description": "Label manually created by a user",
+ "value": "User"
+ },
+ {
+ "description": "Label automatically created by the system",
+ "value": "System"
+ }
+ ]
+ }
+ },
 "IncidentSeverityEnum": {
 "description": "The severity of the incident",
 "enum": [
From 39068fa1e055cff2f41d255410c761519c7b4f9f Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Mon, 17 Jan 2022 11:00:36 +0200
Subject: [PATCH 21/29] fix
---
 .../preview/2021-10-01-preview/AutomationRules.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index b964a1185f6b..b4cc0a0126da 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -997,7 +997,7 @@
 "type": "string"
 },
 "labelType": {
- "$ref": "./common/IncidnetTypes.json#/definitions/IncidentLabelType"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabelType"
 }
 }
 },
From 6785fcc385a3e88e3182e9a0f41241d2a92d6d7b Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Mon, 17 Jan 2022 12:50:29 +0200
Subject: [PATCH 22/29] fix
---
 .../2021-10-01-preview/AutomationRules.json | 20 -------------------
 1 file changed, 20 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index b4cc0a0126da..ea327a91b4dd 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -915,26 +915,6 @@
 ]
 }
 },
- "IncidentLabelType": {
- "enum": [
- "User",
- "AutoAssigned"
- ],
- "type": "string",
- "example": "User",
- "x-ms-enum": {
- "name": "IncidentLabelType",
- "modelAsString": true,
- "values": [
- {
- "value": "User"
- },
- {
- "value": "AutoAssigned"
- }
- ]
- }
- },
 "IncidentOwnerType": {
 "enum": [
 "Unknown",
From 691db32c3825b3f3c4a7a0871ea5ada3a23dc0d6 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Mon, 17 Jan 2022 13:05:52 +0200
Subject: [PATCH 23/29] Last
---
 .../preview/2021-10-01-preview/AutomationRules.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index ea327a91b4dd..d3f720dcd3c1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -964,6 +964,7 @@
 "labels": {
 "description": "List of labels to add to the incident",
 "type": "array",
+ "x-ms-identifiers": [],
 "items": {
 "$ref": "#/definitions/IncidentPropertiesActionLabelProperties"
 }
From 6d4611db1fd2751b2fae326dbadee0d7fc6a2e43 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 11:10:11 +0200
Subject: [PATCH 24/29] PR Fixes
---
 .../preview/2021-10-01-preview/AutomationRules.json | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index d3f720dcd3c1..9c13517ba998 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -225,7 +225,7 @@
 "tags": [
 "manualTrigger"
 ],
- "description": "Creates or updates the automation rule.",
+ "description": "Triggers playbook on a specific incident",
 "operationId": "AutomationRules_ManualTriggerPlaybook",
 "consumes": [
 "application/json"
@@ -414,9 +414,11 @@
 "readOnly": true
 },
 "lastModifiedBy": {
+ "readOnly": true,
 "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo"
 },
 "createdBy": {
+ "readOnly": true,
 "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo"
 }
 }
@@ -484,7 +486,6 @@
 "IncidentTactics",
 "IncidentLabel",
 "IncidentProviderName",
- "IncidentOwner",
 "AccountAadTenantId",
 "AccountAadUserId",
 "AccountName",
@@ -570,10 +571,6 @@
 "value": "IncidentProviderName",
 "description": "The provider name of the incident"
 },
- {
- "value": "IncidentOwner",
- "description": "The owner of the incident"
- },
 {
 "value": "AccountAadTenantId",
 "description": "The account Azure Active Directory tenant id"
@@ -964,7 +961,7 @@
 "labels": {
 "description": "List of labels to add to the incident",
 "type": "array",
- "x-ms-identifiers": [],
+ "x-ms-identifiers": ["/properties/labelName"],
 "items": {
 "$ref": "#/definitions/IncidentPropertiesActionLabelProperties"
 }
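Review bot: In the `@@ -414,9 +414,11 @@` hunk the added `"readOnly": true` is a sibling of `$ref` under `lastModifiedBy` and `createdBy`, and JSON Reference says members next to `$ref` are ignored, so a strict resolver may drop the flag and treat these audit fields as client-writable. Wrapping the reference keeps both keywords in force: `"createdBy": { "readOnly": true, "allOf": [ { "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" } ] }`, and the same for `lastModifiedBy`. Whether the tooling used for this spec honours `$ref` siblings is not visible here. Either way these fields record who created and last changed a rule, so the service should set them itself rather than accept them from the request body.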
From c6fb22b1d199d74049ee27f59f177e28ebf52bde Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 11:16:28 +0200
Subject: [PATCH 25/29] Last
---
 .../preview/2021-10-01-preview/AutomationRules.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index 9c13517ba998..dfb0991dc6fb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -961,7 +961,9 @@
 "labels": {
 "description": "List of labels to add to the incident",
 "type": "array",
- "x-ms-identifiers": ["/properties/labelName"],
+ "x-ms-identifiers": [
+ "labelName"
+ ],
 "items": {
 "$ref": "#/definitions/IncidentPropertiesActionLabelProperties"
 }
From d66e469ee1499c3d078c7eed3cfdfbe1aec42dc8 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 11:33:24 +0200
Subject: [PATCH 26/29] tryFix
---
 .../2021-10-01-preview/AutomationRules.json | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index dfb0991dc6fb..d7c99e6a5ebb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -961,26 +961,12 @@
 "labels": {
 "description": "List of labels to add to the incident",
 "type": "array",
- "x-ms-identifiers": [
- "labelName"
- ],
 "items": {
- "$ref": "#/definitions/IncidentPropertiesActionLabelProperties"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel"
 }
 }
 }
 },
- "IncidentPropertiesActionLabelProperties": {
- "type": "object",
- "properties": {
- "labelName": {
- "type": "string"
- },
- "labelType": {
- "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabelType"
- }
- }
- },
 "IncidentPropertiesActionOwnerInfo": {
 "type": "object",
 "properties": {
From ce7461c94fbda3c4f3596aaf36b1b3bf228300da Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 11:39:25 +0200
Subject: [PATCH 27/29] tryFix
---
 .../preview/2021-10-01-preview/AutomationRules.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index d7c99e6a5ebb..877a3e96d247 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -961,6 +961,9 @@
 "labels": {
 "description": "List of labels to add to the incident",
 "type": "array",
+ "x-ms-identifiers": [
+ "/labelName"
+ ],
 "items": {
 "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel"
 }
From b7c949316409096bd725d9b5d7dffc7a7a5ee624 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 13:18:43 +0200
Subject: [PATCH 28/29] incidentTypes
---
 .../2021-10-01-preview/AutomationRules.json | 149 +-----------------
 1 file changed, 6 insertions(+), 143 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index 877a3e96d247..f0628027b9ae 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -857,84 +857,10 @@
 }
 },
 "IncidentClassification": {
- "enum": [
- "Undetermined",
- "TruePositive",
- "BenignPositive",
- "FalsePositive"
- ],
- "type": "string",
- "example": "Undetermined",
- "x-ms-enum": {
- "name": "IncidentClassification",
- "modelAsString": true,
- "values": [
- {
- "value": "Undetermined"
- },
- {
- "value": "TruePositive"
- },
- {
- "value": "BenignPositive"
- },
- {
- "value": "FalsePositive"
- }
- ]
- }
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum"
 },
 "IncidentClassificationReason": {
- "enum": [
- "SuspiciousActivity",
- "SuspiciousButExpected",
- "IncorrectAlertLogic",
- "InaccurateData"
- ],
- "type": "string",
- "example": "SuspiciousActivity",
- "x-ms-enum": {
- "name": "IncidentClassificationReason",
- "modelAsString": true,
- "values": [
- {
- "value": "SuspiciousActivity"
- },
- {
- "value": "SuspiciousButExpected"
- },
- {
- "value": "IncorrectAlertLogic"
- },
- {
- "value": "InaccurateData"
- }
- ]
- }
- },
- "IncidentOwnerType": {
- "enum": [
- "Unknown",
- "User",
- "Group"
- ],
- "type": "string",
- "example": "Unknown",
- "x-ms-enum": {
- "name": "IncidentOwnerType",
- "modelAsString": true,
- "values": [
- {
- "value": "Unknown"
- },
- {
- "value": "User"
- },
- {
- "value": "Group"
- }
- ]
- }
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum"
 },
 "IncidentPropertiesAction": {
 "type": "object",
@@ -962,7 +888,7 @@
 "description": "List of labels to add to the incident",
 "type": "array",
 "x-ms-identifiers": [
- "/labelName"
+ "labelName"
 ],
 "items": {
 "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel"
@@ -971,76 +897,13 @@
 }
 },
 "IncidentPropertiesActionOwnerInfo": {
- "type": "object",
- "properties": {
- "objectId": {
- "type": "string"
- },
- "email": {
- "type": "string"
- },
- "assignedTo": {
- "type": "string"
- },
- "userPrincipalName": {
- "type": "string"
- },
- "ownerType": {
- "$ref": "#/definitions/IncidentOwnerType"
- }
- }
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo"
 },
 "IncidentSeverity": {
- "enum": [
- "Informational",
- "Low",
- "Medium",
- "High"
- ],
- "type": "string",
- "example": "Informational",
- "x-ms-enum": {
- "name": "IncidentSeverity",
- "modelAsString": true,
- "values": [
- {
- "value": "Informational"
- },
- {
- "value": "Low"
- },
- {
- "value": "Medium"
- },
- {
- "value": "High"
- }
- ]
- }
+ "ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum"
 },
 "IncidentStatus": {
- "enum": [
- "New",
- "Active",
- "Closed"
- ],
- "type": "string",
- "example": "New",
- "x-ms-enum": {
- "name": "IncidentStatus",
- "modelAsString": true,
- "values": [
- {
- "value": "New"
- },
- {
- "value": "Active"
- },
- {
- "value": "Closed"
- }
- ]
- }
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum"
 },
 "ManualTriggerRequestBody": {
 "type": "object",
From b9e9274a8976401067780a4bf1b9b064e56875d7 Mon Sep 17 00:00:00 2001
From: Roy Reinhorn
Date: Tue, 18 Jan 2022 13:27:44 +0200
Subject: [PATCH 29/29] fix
---
 .../2021-10-01-preview/AutomationRules.json | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
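Review bot: In the `@@ -971,76 +897,13 @@` hunk of PATCH 28 `IncidentSeverity` is given `"ref"` rather than `"$ref"`, so the key is not a reference and the definition is left with no `type` or `enum` at all. Anything that still resolves `#/definitions/IncidentSeverity` would then accept any value for severity instead of the four levels the removed enum listed. The line should read `"$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum"`, matching the neighbouring `IncidentStatus` entry.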
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
index f0628027b9ae..eb5d403d4635 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-10-01-preview/AutomationRules.json
@@ -856,26 +856,20 @@
 ]
 }
 },
- "IncidentClassification": {
- "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum"
- },
- "IncidentClassificationReason": {
- "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum"
- },
 "IncidentPropertiesAction": {
 "type": "object",
 "properties": {
 "severity": {
- "$ref": "#/definitions/IncidentSeverity"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum"
 },
 "status": {
- "$ref": "#/definitions/IncidentStatus"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum"
 },
 "classification": {
- "$ref": "#/definitions/IncidentClassification"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum"
 },
 "classificationReason": {
- "$ref": "#/definitions/IncidentClassificationReason"
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum"
 },
 "classificationComment": {
 "description": "Describes the reason the incident was closed",
@@ -899,12 +893,6 @@
 "IncidentPropertiesActionOwnerInfo": {
 "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo"
 },
- "IncidentSeverity": {
- "ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum"
- },
- "IncidentStatus": {
- "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum"
- },
 "ManualTriggerRequestBody": {
 "type": "object",
 "properties": {