From 9af9e38223220c6b9edcd9f6065d48c7c723ca06 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Mon, 31 Dec 2018 15:00:03 +0200 Subject: [PATCH 01/20] Creating first and basic swagger for new RP of ASI (Azure Security Insight). This RP is an extension RP of "Microsoft.operationalinsights", and it is coupled to a Log analytics workspace. This is a first iteration in order to create a simple RP with single endpoint, after it wil work the API will be changed with the actual and full endpoints based on the learnings from this POC. --- .../preview/2019-01-01/SecurityInsight.json | 359 ++++++++++++++++++ .../2019-01-01/examples/CreateAlertRule.json | 38 ++ .../2019-01-01/examples/GetAlertRuleById.json | 23 ++ 3 files changed, 420 insertions(+) create mode 100644 specification/securityinsight/preview/2019-01-01/SecurityInsight.json create mode 100644 specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json create mode 100644 specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json diff --git a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json new file mode 100644 index 000000000000..a224d7b15538 --- /dev/null +++ b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json @@ -0,0 +1,359 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Succesfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/operationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get an alert rule.": { + "$ref": "./examples/GetAlertRuleById.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets an alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.operationalinsights." + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "creates or updates an alert rule.": { + "$ref": "./examples/CreateAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_Create", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "operation": { + "description": "Operation provided by provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the operation" + }, + "display": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "description": { + "type": "string", + "description": "Description of the operation" + } + } + } + } + }, + "operationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alerts.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "type": "array", + "items": { + "$ref": "#/definitions/operation" + } + } + }, + "required": [ + "value" + ] + }, + "CloudError": { + "x-ms-external": true, + "type": "object", + "description": "Error response structure.", + "properties": { + "error": { + "x-ms-client-flatten": true, + "description": "Error data", + "$ref": "#/definitions/CloudErrorBody" + } + } + }, + "CloudErrorBody": { + "x-ms-external": true, + "type": "object", + "description": "Error details.", + "properties": { + "code": { + "readOnly": true, + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "readOnly": true, + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + } + }, + "AlertRule": { + "type": "object", + "description": "Alert rule.", + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Alert rule properties", + "$ref": "#/definitions/AlertRuleProperties" + } + } + }, + "AlertRuleProperties": { + "type": "object", + "description": "Alert rule property bag.", + "properties": { + "query": { + "type": "string", + "description": "The query that will create alerts for this rule." + }, + "period": { + "type": "string", + "description": "The period that the alert will look at." + } + } + }, + "Resource": { + "x-ms-azure-resource": true, + "description": "An azure resource object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Azure resource Id" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "Azure resource type" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Azure resource name" + } + } + } + }, + "parameters": { + "SubscriptionId": { + "name": "subscriptionId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure subscription ID" + }, + "ResourceGroupName": { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" + }, + "ApiVersion": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "enum": [ + "2019-01-01-preview" + ], + "description": "API version for the operation" + }, + "WorkspaceName": { + "name": "workspaceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the workspace.", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" + }, + "RuleId": { + "name": "ruleId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Alert rule ID", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "name": "alertRule", + "in": "body", + "description": "The alert rule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + } + } +} \ No newline at end of file diff --git a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json new file mode 100644 index 000000000000..58d5fb42aa25 --- /dev/null +++ b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.operationalinsights", + "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "properties": { + "query": "search *", + "period": "24H" + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "myAlertRule", + "type": "Microsoft.SecurityInsights/SecurityAlertRules", + "properties": { + "query": "search *", + "period": "24H" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "myAlertRule", + "type": "Microsoft.SecurityInsights/SecurityAlertRules", + "properties": { + "query": "search *", + "period": "24H" + } + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json new file mode 100644 index 000000000000..6f6b21f30d5b --- /dev/null +++ b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.operationalinsights", + "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "myAlertRule", + "type": "Microsoft.SecurityInsights/SecurityAlertRules", + "properties": { + "query": "search *", + "period": "24H" + } + } + } + } +} \ No newline at end of file From de2a4c93973801b0fb5b8590f1cdf51985c908d4 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Mon, 31 Dec 2018 15:35:46 +0200 Subject: [PATCH 02/20] updating the operationalInsightsResourceProvider to be a global parameter and reuse it in the PUT same as in the GET --- .../preview/2019-01-01/SecurityInsight.json | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json index a224d7b15538..ec8918584390 100644 --- a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json +++ b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json @@ -82,11 +82,7 @@ "$ref": "#/parameters/ResourceGroupName" }, { - "name": "operationalInsightsResourceProvider", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.operationalinsights." + "$ref": "#/parameters/OperationalInsightsResourceProvider" }, { "$ref": "#/parameters/WorkspaceName" @@ -131,6 +127,9 @@ { "$ref": "#/parameters/ResourceGroupName" }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, { "$ref": "#/parameters/WorkspaceName" }, @@ -326,6 +325,14 @@ ], "description": "API version for the operation" }, + "OperationalInsightsResourceProvider": { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.operationalinsights.", + "x-ms-parameter-location": "method" + }, "WorkspaceName": { "name": "workspaceName", "in": "path", From 8e0cd138c77ac1948d3bbc9f88c8f77057b786f7 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Wed, 2 Jan 2019 07:24:58 +0200 Subject: [PATCH 03/20] Fixing comments from PR --- .../securityinsight/preview/2019-01-01/SecurityInsight.json | 4 ++-- .../preview/2019-01-01/examples/CreateAlertRule.json | 2 +- .../preview/2019-01-01/examples/GetAlertRuleById.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json index ec8918584390..c8d21727ba51 100644 --- a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json +++ b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json @@ -48,7 +48,7 @@ ], "responses": { "200": { - "description": "OK. Succesfully retrieved operations list.", + "description": "OK. Successfully retrieved operations list.", "schema": { "$ref": "#/definitions/operationsList" } @@ -330,7 +330,7 @@ "in": "path", "required": true, "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.operationalinsights.", + "description": "The namespace of workspaces resource provider- Microsoft.Operationalinsights.", "x-ms-parameter-location": "method" }, "WorkspaceName": { diff --git a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json index 58d5fb42aa25..6570ceb68df2 100644 --- a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json +++ b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json @@ -4,7 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.operationalinsights", + "operationalInsightsResourceProvider": "Microsoft.Operationalinsights", "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "properties": { "query": "search *", diff --git a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json index 6f6b21f30d5b..6af482cd6b68 100644 --- a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json +++ b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json @@ -4,7 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.operationalinsights", + "operationalInsightsResourceProvider": "Microsoft.Operationalinsights", "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { From 7d0a4c729b3b01780704a4f162b12453ac98852e Mon Sep 17 00:00:00 2001 From: nirgafni Date: Thu, 3 Jan 2019 08:08:58 +0200 Subject: [PATCH 04/20] Fixing the Microsoft.OperationalInsight to the right form --- .../securityinsight/preview/2019-01-01/SecurityInsight.json | 2 +- .../preview/2019-01-01/examples/CreateAlertRule.json | 2 +- .../preview/2019-01-01/examples/GetAlertRuleById.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json index c8d21727ba51..60c4730bc5d0 100644 --- a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json +++ b/specification/securityinsight/preview/2019-01-01/SecurityInsight.json @@ -330,7 +330,7 @@ "in": "path", "required": true, "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.Operationalinsights.", + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", "x-ms-parameter-location": "method" }, "WorkspaceName": { diff --git a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json index 6570ceb68df2..8388993ab883 100644 --- a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json +++ b/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json @@ -4,7 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.Operationalinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "properties": { "query": "search *", diff --git a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json index 6af482cd6b68..3f2fd3011924 100644 --- a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json +++ b/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json @@ -4,7 +4,7 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.Operationalinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { From fd243ea7d0beaeda1ce556b4b162db382151a4c7 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Mon, 7 Jan 2019 12:18:20 +0200 Subject: [PATCH 05/20] Updating the location to be under- "resource-manager" --- .../preview/2019-01-01/SecurityInsight.json | 0 .../preview/2019-01-01/examples/CreateAlertRule.json | 0 .../preview/2019-01-01/examples/GetAlertRuleById.json | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename specification/securityinsight/{ => resource-manager}/preview/2019-01-01/SecurityInsight.json (100%) rename specification/securityinsight/{ => resource-manager}/preview/2019-01-01/examples/CreateAlertRule.json (100%) rename specification/securityinsight/{ => resource-manager}/preview/2019-01-01/examples/GetAlertRuleById.json (100%) diff --git a/specification/securityinsight/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/resource-manager/preview/2019-01-01/SecurityInsight.json similarity index 100% rename from specification/securityinsight/preview/2019-01-01/SecurityInsight.json rename to specification/securityinsight/resource-manager/preview/2019-01-01/SecurityInsight.json diff --git a/specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json b/specification/securityinsight/resource-manager/preview/2019-01-01/examples/CreateAlertRule.json similarity index 100% rename from specification/securityinsight/preview/2019-01-01/examples/CreateAlertRule.json rename to specification/securityinsight/resource-manager/preview/2019-01-01/examples/CreateAlertRule.json diff --git a/specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json b/specification/securityinsight/resource-manager/preview/2019-01-01/examples/GetAlertRuleById.json similarity index 100% rename from specification/securityinsight/preview/2019-01-01/examples/GetAlertRuleById.json rename to specification/securityinsight/resource-manager/preview/2019-01-01/examples/GetAlertRuleById.json From f16db7fe1dae77e851062e38e6ed1765fba46e12 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Tue, 8 Jan 2019 14:29:19 +0200 Subject: [PATCH 06/20] adding readme files for the swagger --- specification/securityinsight/readme.go.md | 26 ++++++ specification/securityinsight/readme.md | 87 +++++++++++++++++++ .../securityinsight/readme.nodejs.md | 14 +++ .../securityinsight/readme.python.md | 27 ++++++ .../securityinsight/readme.typescript.md | 12 +++ 5 files changed, 166 insertions(+) create mode 100644 specification/securityinsight/readme.go.md create mode 100644 specification/securityinsight/readme.md create mode 100644 specification/securityinsight/readme.nodejs.md create mode 100644 specification/securityinsight/readme.python.md create mode 100644 specification/securityinsight/readme.typescript.md diff --git a/specification/securityinsight/readme.go.md b/specification/securityinsight/readme.go.md new file mode 100644 index 000000000000..639ffd574a13 --- /dev/null +++ b/specification/securityinsight/readme.go.md @@ -0,0 +1,26 @@ +## Go + +These settings apply only when `--go` is specified on the command line. + +```yaml $(go) +go: + license-header: MICROSOFT_APACHE_NO_VERSION + namespace: securityinsight + clear-output-folder: true +``` + +### Go multi-api + +```yaml $(go) && $(multiapi) +batch: + - tag: package-composite-v1 +``` + +### Tag: package-composite-v1 and go + +These settings apply only when `--tag=package-composite-v1 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +```yaml $(tag) == 'package-composite-v1' && $(go) +output-folder: $(go-sdk-folder)/services/preview/$(namespace)/mgmt/2017-08-01-preview/$(namespace) +``` diff --git a/specification/securityinsight/readme.md b/specification/securityinsight/readme.md new file mode 100644 index 000000000000..ef81a22c0cbd --- /dev/null +++ b/specification/securityinsight/readme.md @@ -0,0 +1,87 @@ +# Security Insight + +> see https://aka.ms/autorest + +This is the AutoRest configuration file for SecurityInsight. + +--- + +## Getting Started + +To build the SDK for SecurityInsight, simply [Install AutoRest](https://aka.ms/autorest/install) and in this folder, run: + +> `autorest` + +To see additional help and options, run: + +> `autorest --help` + +--- + +## Configuration + +### Basic Information + +These are the global settings for the SecurityInsight API. + +```yaml +openapi-type: arm +tag: package-composite-v1 +``` + +### Tag: package-composite-v1 + +These settings apply only when `--tag=package-composite-v1` is specified on the command line. + +```yaml $(tag) == 'package-composite-v1' +input-file: +- Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json +``` + +--- + +# Code Generation + +## Swagger to SDK + +This section describes what SDK should be generated by the automatic system. +This is not used by Autorest itself. + +```yaml $(swagger-to-sdk) +swagger-to-sdk: + - repo: azure-sdk-for-go + - repo: azure-sdk-for-python + - repo: azure-sdk-for-js + - repo: azure-sdk-for-node +``` + +## C# + +These settings apply only when `--csharp` is specified on the command line. +Please also specify `--csharp-sdks-folder=`. + +```yaml $(csharp) +csharp: + azure-arm: true + license-header: MICROSOFT_MIT_NO_VERSION + namespace: Microsoft.Azure.Management.SecurityInsight + payload-flattening-threshold: 2 + output-folder: $(csharp-sdks-folder)/SecurityInsight/Management.SecurityInsight/Generated + clear-output-folder: true +``` + +## Go + +See configuration in [readme.go.md](./readme.go.md) + +## Python + +See configuration in [readme.python.md](./readme.python.md) + +## Node.js + +See configuration in [readme.nodejs.md](./readme.nodejs.md) + +## TypeScript + +See configuration in [readme.typescript.md](./readme.typescript.md) \ No newline at end of file diff --git a/specification/securityinsight/readme.nodejs.md b/specification/securityinsight/readme.nodejs.md new file mode 100644 index 000000000000..f4181bc3d488 --- /dev/null +++ b/specification/securityinsight/readme.nodejs.md @@ -0,0 +1,14 @@ +## Node.js + +These settings apply only when `--nodejs` is specified on the command line. +Please also specify `--node-sdks-folder=`. + +``` yaml $(nodejs) +nodejs: + azure-arm: true + package-name: azure-arm-securityinsight + output-folder: $(node-sdks-folder)/lib/services/securityInsightManagement + generate-license-txt: true + generate-package-json: true + generate-readme-md: true +``` diff --git a/specification/securityinsight/readme.python.md b/specification/securityinsight/readme.python.md new file mode 100644 index 000000000000..1818849662fd --- /dev/null +++ b/specification/securityinsight/readme.python.md @@ -0,0 +1,27 @@ +## Python + +These settings apply only when `--python` is specified on the command line. +Please also specify `--python-sdks-folder=`. +Use `--python-mode=update` if you already have a setup.py and just want to update the code itself. + +``` yaml $(python) +python-mode: create +python: + azure-arm: true + license-header: MICROSOFT_MIT_NO_VERSION + payload-flattening-threshold: 2 + namespace: azure.mgmt.securityinsight + package-name: azure-mgmt-securityinsight + package-version: 0.1.0 + clear-output-folder: true +``` +``` yaml $(python) && $(python-mode) == 'update' +python: + no-namespace-folders: true + output-folder: $(python-sdks-folder)/azure-mgmt-securityinsight/azure/mgmt/securityinsight +``` +``` yaml $(python) && $(python-mode) == 'create' +python: + basic-setup-py: true + output-folder: $(python-sdks-folder)/azure-mgmt-securityinsight +``` diff --git a/specification/securityinsight/readme.typescript.md b/specification/securityinsight/readme.typescript.md new file mode 100644 index 000000000000..f361a92f380d --- /dev/null +++ b/specification/securityinsight/readme.typescript.md @@ -0,0 +1,12 @@ +## TypeScript + +These settings apply only when `--typescript` is specified on the command line. +Please also specify `--typescript-sdks-folder=`. + +``` yaml $(typescript) +typescript: + azure-arm: true + package-name: "@azure/arm-securityinsight" + output-folder: "$(typescript-sdks-folder)/packages/@azure/arm-securityinsight" + generate-metadata: true +``` From 1703e6f8f19d3afcb3d1d92c3b6612e80b89496e Mon Sep 17 00:00:00 2001 From: nirgafni Date: Wed, 9 Jan 2019 09:53:12 +0200 Subject: [PATCH 07/20] Changing the path of the files to the correct path --- .../preview/2019-01-01-preview}/SecurityInsight.json | 0 .../preview/2019-01-01-preview}/examples/CreateAlertRule.json | 0 .../preview/2019-01-01-preview}/examples/GetAlertRuleById.json | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename specification/securityinsight/resource-manager/{preview/2019-01-01 => Microsoft.SecurityInsight/preview/2019-01-01-preview}/SecurityInsight.json (100%) rename specification/securityinsight/resource-manager/{preview/2019-01-01 => Microsoft.SecurityInsight/preview/2019-01-01-preview}/examples/CreateAlertRule.json (100%) rename specification/securityinsight/resource-manager/{preview/2019-01-01 => Microsoft.SecurityInsight/preview/2019-01-01-preview}/examples/GetAlertRuleById.json (100%) diff --git a/specification/securityinsight/resource-manager/preview/2019-01-01/SecurityInsight.json b/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json similarity index 100% rename from specification/securityinsight/resource-manager/preview/2019-01-01/SecurityInsight.json rename to specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json diff --git a/specification/securityinsight/resource-manager/preview/2019-01-01/examples/CreateAlertRule.json b/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/CreateAlertRule.json similarity index 100% rename from specification/securityinsight/resource-manager/preview/2019-01-01/examples/CreateAlertRule.json rename to specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/CreateAlertRule.json diff --git a/specification/securityinsight/resource-manager/preview/2019-01-01/examples/GetAlertRuleById.json b/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/GetAlertRuleById.json similarity index 100% rename from specification/securityinsight/resource-manager/preview/2019-01-01/examples/GetAlertRuleById.json rename to specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/GetAlertRuleById.json From 36aca1e97fc2907ffb6ddb2be9d32781c6d1cea0 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Wed, 9 Jan 2019 12:56:33 +0200 Subject: [PATCH 08/20] Change the location of the readme files --- specification/securityinsight/{ => resource-manager}/readme.go.md | 0 specification/securityinsight/{ => resource-manager}/readme.md | 0 .../securityinsight/{ => resource-manager}/readme.nodejs.md | 0 .../securityinsight/{ => resource-manager}/readme.python.md | 0 .../securityinsight/{ => resource-manager}/readme.typescript.md | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename specification/securityinsight/{ => resource-manager}/readme.go.md (100%) rename specification/securityinsight/{ => resource-manager}/readme.md (100%) rename specification/securityinsight/{ => resource-manager}/readme.nodejs.md (100%) rename specification/securityinsight/{ => resource-manager}/readme.python.md (100%) rename specification/securityinsight/{ => resource-manager}/readme.typescript.md (100%) diff --git a/specification/securityinsight/readme.go.md b/specification/securityinsight/resource-manager/readme.go.md similarity index 100% rename from specification/securityinsight/readme.go.md rename to specification/securityinsight/resource-manager/readme.go.md diff --git a/specification/securityinsight/readme.md b/specification/securityinsight/resource-manager/readme.md similarity index 100% rename from specification/securityinsight/readme.md rename to specification/securityinsight/resource-manager/readme.md diff --git a/specification/securityinsight/readme.nodejs.md b/specification/securityinsight/resource-manager/readme.nodejs.md similarity index 100% rename from specification/securityinsight/readme.nodejs.md rename to specification/securityinsight/resource-manager/readme.nodejs.md diff --git a/specification/securityinsight/readme.python.md b/specification/securityinsight/resource-manager/readme.python.md similarity index 100% rename from specification/securityinsight/readme.python.md rename to specification/securityinsight/resource-manager/readme.python.md diff --git a/specification/securityinsight/readme.typescript.md b/specification/securityinsight/resource-manager/readme.typescript.md similarity index 100% rename from specification/securityinsight/readme.typescript.md rename to specification/securityinsight/resource-manager/readme.typescript.md From 5326e67ad71be48bb4cd1d5ae8ab4b7b224c530e Mon Sep 17 00:00:00 2001 From: nirgafni Date: Wed, 9 Jan 2019 13:12:42 +0200 Subject: [PATCH 09/20] Fixing inconsistency in the naming- changing everything to SecurityInsights --- .../preview/2019-01-01-preview/SecurityInsight.json | 0 .../2019-01-01-preview/examples/CreateAlertRule.json | 0 .../examples/GetAlertRuleById.json | 0 .../resource-manager/readme.go.md | 0 .../resource-manager/readme.md | 12 ++++++------ .../resource-manager/readme.nodejs.md | 0 .../resource-manager/readme.python.md | 0 .../resource-manager/readme.typescript.md | 0 8 files changed, 6 insertions(+), 6 deletions(-) rename specification/{securityinsight/resource-manager/Microsoft.SecurityInsight => securityinsights/resource-manager/Microsoft.SecurityInsights}/preview/2019-01-01-preview/SecurityInsight.json (100%) rename specification/{securityinsight/resource-manager/Microsoft.SecurityInsight => securityinsights/resource-manager/Microsoft.SecurityInsights}/preview/2019-01-01-preview/examples/CreateAlertRule.json (100%) rename specification/{securityinsight/resource-manager/Microsoft.SecurityInsight => securityinsights/resource-manager/Microsoft.SecurityInsights}/preview/2019-01-01-preview/examples/GetAlertRuleById.json (100%) rename specification/{securityinsight => securityinsights}/resource-manager/readme.go.md (100%) rename specification/{securityinsight => securityinsights}/resource-manager/readme.md (74%) rename specification/{securityinsight => securityinsights}/resource-manager/readme.nodejs.md (100%) rename specification/{securityinsight => securityinsights}/resource-manager/readme.python.md (100%) rename specification/{securityinsight => securityinsights}/resource-manager/readme.typescript.md (100%) diff --git a/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsight.json similarity index 100% rename from specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsight.json diff --git a/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/CreateAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json similarity index 100% rename from specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/CreateAlertRule.json rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json diff --git a/specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/GetAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json similarity index 100% rename from specification/securityinsight/resource-manager/Microsoft.SecurityInsight/preview/2019-01-01-preview/examples/GetAlertRuleById.json rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json diff --git a/specification/securityinsight/resource-manager/readme.go.md b/specification/securityinsights/resource-manager/readme.go.md similarity index 100% rename from specification/securityinsight/resource-manager/readme.go.md rename to specification/securityinsights/resource-manager/readme.go.md diff --git a/specification/securityinsight/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md similarity index 74% rename from specification/securityinsight/resource-manager/readme.md rename to specification/securityinsights/resource-manager/readme.md index ef81a22c0cbd..20aa7f9264db 100644 --- a/specification/securityinsight/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -2,13 +2,13 @@ > see https://aka.ms/autorest -This is the AutoRest configuration file for SecurityInsight. +This is the AutoRest configuration file for SecurityInsights. --- ## Getting Started -To build the SDK for SecurityInsight, simply [Install AutoRest](https://aka.ms/autorest/install) and in this folder, run: +To build the SDK for SecurityInsights, simply [Install AutoRest](https://aka.ms/autorest/install) and in this folder, run: > `autorest` @@ -22,7 +22,7 @@ To see additional help and options, run: ### Basic Information -These are the global settings for the SecurityInsight API. +These are the global settings for the SecurityInsights API. ```yaml openapi-type: arm @@ -35,7 +35,7 @@ These settings apply only when `--tag=package-composite-v1` is specified on the ```yaml $(tag) == 'package-composite-v1' input-file: -- Microsoft.SecurityInsight/preview/2019-01-01-preview/SecurityInsight.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json ``` --- @@ -64,9 +64,9 @@ Please also specify `--csharp-sdks-folder= Date: Wed, 9 Jan 2019 14:09:57 +0200 Subject: [PATCH 10/20] Missed the file when aligned the name to SecurityInsights --- .../{SecurityInsight.json => SecurityInsights.json} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/{SecurityInsight.json => SecurityInsights.json} (100%) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsight.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json similarity index 100% rename from specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsight.json rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json From 93b148d1d22c9750811d7d8f944372003c622a4b Mon Sep 17 00:00:00 2001 From: Nir Gafni Date: Tue, 15 Jan 2019 09:00:40 +0200 Subject: [PATCH 11/20] Fixing a redundant space in the examples --- .../preview/2019-01-01-preview/examples/CreateAlertRule.json | 2 +- .../preview/2019-01-01-preview/examples/GetAlertRuleById.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json index 8388993ab883..640487817613 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json @@ -5,7 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "properties": { "query": "search *", "period": "24H" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json index 3f2fd3011924..bdc6331bc313 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json @@ -5,7 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId ": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { "200": { From 73565ceb2ad995e9dfac4c34b846b8b5de98ff55 Mon Sep 17 00:00:00 2001 From: Nir Gafni Date: Tue, 15 Jan 2019 10:10:40 +0200 Subject: [PATCH 12/20] add alertRule to the CreateAlertRule.json and do some indentation fixes --- .../2019-01-01-preview/SecurityInsights.json | 180 +++++++++--------- .../examples/CreateAlertRule.json | 10 +- 2 files changed, 96 insertions(+), 94 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 60c4730bc5d0..7cf3287d8012 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -34,31 +34,31 @@ } }, "paths": { - "/providers/Microsoft.SecurityInsights/operations": { - "get": { - "operationId": "Operations_List", - "description": "Lists all operations available Azure Security Insights Resource Provider.", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - } - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "OK. Successfully retrieved operations list.", - "schema": { - "$ref": "#/definitions/operationsList" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/operationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { "get": { "x-ms-examples": { @@ -82,7 +82,7 @@ "$ref": "#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/OperationalInsightsResourceProvider" + "$ref": "#/parameters/OperationalInsightsResourceProvider" }, { "$ref": "#/parameters/WorkspaceName" @@ -128,7 +128,7 @@ "$ref": "#/parameters/ResourceGroupName" }, { - "$ref": "#/parameters/OperationalInsightsResourceProvider" + "$ref": "#/parameters/OperationalInsightsResourceProvider" }, { "$ref": "#/parameters/WorkspaceName" @@ -164,56 +164,56 @@ } }, "definitions": { - "operation": { - "description": "Operation provided by provider", - "properties": { - "name": { - "type": "string", - "description": "Name of the operation" - }, - "display": { - "type": "object", - "description": "Properties of the operation", - "properties": { - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" - }, - "operation": { - "type": "string", - "description": "Operation name" - }, - "description": { - "type": "string", - "description": "Description of the operation" - } - } - } - } - }, - "operationsList": { - "description": "Lists the operations available in the SecurityInsights RP.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of alerts.", - "type": "string" - }, - "value": { - "description": "Array of operations", - "type": "array", - "items": { - "$ref": "#/definitions/operation" - } - } - }, - "required": [ - "value" - ] - }, + "operation": { + "description": "Operation provided by provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the operation" + }, + "display": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "description": { + "type": "string", + "description": "Description of the operation" + } + } + } + } + }, + "operationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alerts.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "type": "array", + "items": { + "$ref": "#/definitions/operation" + } + } + }, + "required": [ + "value" + ] + }, "CloudError": { "x-ms-external": true, "type": "object", @@ -253,9 +253,9 @@ ], "properties": { "properties": { - "x-ms-client-flatten": true, - "description": "Alert rule properties", - "$ref": "#/definitions/AlertRuleProperties" + "x-ms-client-flatten": true, + "description": "Alert rule properties", + "$ref": "#/definitions/AlertRuleProperties" } } }, @@ -325,14 +325,14 @@ ], "description": "API version for the operation" }, - "OperationalInsightsResourceProvider": { - "name": "operationalInsightsResourceProvider", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "x-ms-parameter-location": "method" - }, + "OperationalInsightsResourceProvider": { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "x-ms-parameter-location": "method" + }, "WorkspaceName": { "name": "workspaceName", "in": "path", @@ -350,7 +350,7 @@ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", "type": "string", "description": "Alert rule ID", - "x-ms-parameter-location": "method" + "x-ms-parameter-location": "method" }, "AlertRule": { "name": "alertRule", @@ -360,7 +360,7 @@ "schema": { "$ref": "#/definitions/AlertRule" }, - "x-ms-parameter-location": "method" + "x-ms-parameter-location": "method" } } } \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json index 640487817613..cc2750031d00 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json @@ -6,10 +6,12 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "properties": { - "query": "search *", - "period": "24H" - } + "alertRule": { + "properties": { + "query": "search *", + "period": "24H" + } + } }, "responses": { "200": { From 8808c18e6cb242717b514fb26afa8edc066b6521 Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Thu, 24 Jan 2019 16:42:40 +0200 Subject: [PATCH 13/20] Creates the "real" API for Scheduled Alert Rules --- .../2019-01-01-preview/SecurityInsights.json | 378 +++++++++++++----- .../examples/CreateAlertRule.json | 40 -- .../examples/CreateScheduledAlertRule.json | 74 ++++ .../examples/DeleteScheduledAlertRule.json | 14 + .../examples/GetAlertRuleById.json | 23 -- .../examples/GetScheduledAlertRuleById.json | 34 ++ .../examples/GetScheduledAlertRules.json | 35 ++ 7 files changed, 437 insertions(+), 161 deletions(-) delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json delete mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 7cf3287d8012..6d640194f1f2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -34,43 +34,91 @@ } }, "paths": { - "/providers/Microsoft.SecurityInsights/operations": { - "get": { - "operationId": "Operations_List", - "description": "Lists all operations available Azure Security Insights Resource Provider.", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - } - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "OK. Successfully retrieved operations list.", - "schema": { - "$ref": "#/definitions/operationsList" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/operationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/scheduledAlertRules": { + "get": { + "x-ms-examples": { + "Get all scheduled alert rules.": { + "$ref": "./examples/GetScheduledAlertRules.json" + } + }, + "tags": [ + "Scheduled Alert Rules" + ], + "description": "Gets all scheduled alert rules.", + "operationId": "ScheduledAlertRules_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ScheduledAlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" } + } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/scheduledAlertRules/{ruleId}": { "get": { "x-ms-examples": { - "Get an alert rule.": { - "$ref": "./examples/GetAlertRuleById.json" + "Get a scheduled alert rule.": { + "$ref": "./examples/GetScheduledAlertRuleById.json" } }, "tags": [ - "Alert Rules" + "Scheduled Alert Rules" ], - "description": "Gets an alert rule.", - "operationId": "AlertRules_Get", + "description": "Gets a scheduled alert rule.", + "operationId": "ScheduledAlertRules_Get", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -95,7 +143,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/ScheduledAlertRule" } }, "default": { @@ -108,15 +156,15 @@ }, "put": { "x-ms-examples": { - "creates or updates an alert rule.": { - "$ref": "./examples/CreateAlertRule.json" + "Creates or updates a scheduled alert rule.": { + "$ref": "./examples/CreateScheduledAlertRule.json" } }, "tags": [ - "Alert Rules" + "Scheduled Alert Rules" ], "description": "Creates or updates the alert rule.", - "operationId": "AlertRules_Create", + "operationId": "ScheduledAlertRules_Create", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -137,20 +185,20 @@ "$ref": "#/parameters/RuleId" }, { - "$ref": "#/parameters/AlertRule" + "$ref": "#/parameters/ScheduledAlertRule" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/ScheduledAlertRule" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/ScheduledAlertRule" } }, "default": { @@ -160,59 +208,102 @@ } } } + }, + "delete": { + "x-ms-examples": { + "Delete a scheduled alert rule.": { + "$ref": "./examples/DeleteScheduledAlertRule.json" + } + }, + "tags": [ + "Scheduled Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "ScheduledAlertRules_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } } } }, "definitions": { - "operation": { - "description": "Operation provided by provider", + "operation": { + "description": "Operation provided by provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the operation" + }, + "display": { + "type": "object", + "description": "Properties of the operation", "properties": { - "name": { - "type": "string", - "description": "Name of the operation" - }, - "display": { - "type": "object", - "description": "Properties of the operation", - "properties": { - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" - }, - "operation": { - "type": "string", - "description": "Operation name" - }, - "description": { - "type": "string", - "description": "Description of the operation" - } - } - } + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "description": { + "type": "string", + "description": "Description of the operation" + } } + } + } }, "operationsList": { - "description": "Lists the operations available in the SecurityInsights RP.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of alerts.", - "type": "string" - }, - "value": { - "description": "Array of operations", - "type": "array", - "items": { - "$ref": "#/definitions/operation" - } - } + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string" }, - "required": [ - "value" - ] + "value": { + "description": "Array of operations", + "type": "array", + "items": { + "$ref": "#/definitions/operation" + } + } + }, + "required": [ + "value" + ] }, "CloudError": { "x-ms-external": true, @@ -243,7 +334,27 @@ } } }, - "AlertRule": { + "ScheduledAlertRulesList":{ + "description": "List all the scheduled alert rules.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of scheduled alert rules.", + "type": "string" + }, + "value": { + "description": "Array of scheduled alert rules.", + "type": "array", + "items": { + "$ref": "#/definitions/ScheduledAlertRule" + } + } + }, + "required": [ + "value" + ] + }, + "ScheduledAlertRule": { "type": "object", "description": "Alert rule.", "allOf": [ @@ -252,26 +363,97 @@ } ], "properties": { + "etag": { + "type": "string", + "description": "Etag of the alert rule." + }, "properties": { "x-ms-client-flatten": true, "description": "Alert rule properties", - "$ref": "#/definitions/AlertRuleProperties" + "$ref": "#/definitions/ScheduledAlertRuleProperties" } } }, - "AlertRuleProperties": { + "ScheduledAlertRuleProperties": { "type": "object", "description": "Alert rule property bag.", "properties": { + "ruleName": { + "type": "string", + "description": "The name for alerts created by this alert rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "severity": { + "type": "string", + "enum": ["Low", "Medium", "High", "Informational"], + "x-ms-enum": { + "name": "Severity", + "modelAsString": false + }, + "description": "The severity for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, "query": { "type": "string", - "description": "The query that will create alerts for this rule." + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", + "description": "TimeSpan format represents the frequncy for this alert rule to run." }, - "period": { + "queryPeriod": { "type": "string", - "description": "The period that the alert will look at." + "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", + "description": "TimeSpan format represents the period that this alert rule looks at." + }, + "alertTriggerOperator": { + "type": "string", + "enum": ["gt", "lt", "ne", "eq"], + "x-ms-enum": { + "name": "AlertTriggerOperator", + "modelAsString": false + }, + "description": "The operation against the threahold that triggers alert rule." + }, + "alertTriggerThreshold": { + "type": "integer", + "description": "The threahold triggers this alert rule." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "suppressionDuration": { + "type": "string", + "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", + "description": "TimeSpan format represents the suppression to wait since last time this alert rule been triggered." + }, + "lastModifiedUtc": { + "type": "string", + "readOnly": true, + "description": "The last time that this alert has been modified." } - } + }, + "required": [ + "ruleName", + "description", + "severity", + "enabled", + "query", + "queryFrequency", + "queryPeriod", + "alertTriggerOperator", + "alertTriggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ] }, "Resource": { "x-ms-azure-resource": true, @@ -325,14 +507,14 @@ ], "description": "API version for the operation" }, - "OperationalInsightsResourceProvider": { - "name": "operationalInsightsResourceProvider", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "x-ms-parameter-location": "method" - }, + "OperationalInsightsResourceProvider": { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "x-ms-parameter-location": "method" + }, "WorkspaceName": { "name": "workspaceName", "in": "path", @@ -352,13 +534,13 @@ "description": "Alert rule ID", "x-ms-parameter-location": "method" }, - "AlertRule": { - "name": "alertRule", + "ScheduledAlertRule": { + "name": "alertScheduledtRule", "in": "body", "description": "The alert rule", "required": true, "schema": { - "$ref": "#/definitions/AlertRule" + "$ref": "#/definitions/ScheduledAlertRule" }, "x-ms-parameter-location": "method" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json deleted file mode 100644 index cc2750031d00..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { - "properties": { - "query": "search *", - "period": "24H" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - } - } -} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..d4e8a2ca734c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -0,0 +1,74 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "01:00:00", + "queryPeriod": "3.12:00:00", + "alertTriggerOperator": "gt", + "alertTriggerThreshold": 0, + "suppressionDuration": "01:00:00", + "suppressionEnabled": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "01:00:00", + "queryPeriod": "3.12:00:00", + "alertTriggerOperator": "gt", + "alertTriggerThreshold": 0, + "suppressionDuration": "01:00:00", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "01:00:00", + "queryPeriod": "3.12:00:00", + "alertTriggerOperator": "gt", + "alertTriggerThreshold": 0, + "suppressionDuration": "01:00:00", + "suppressionEnabled": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json new file mode 100644 index 000000000000..a7a67097c14c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "204":{ + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json deleted file mode 100644 index bdc6331bc313..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - } - } -} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json new file mode 100644 index 000000000000..73f71b9295f9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "01:00:00", + "queryPeriod": "3.12:00:00", + "alertTriggerOperator": "gt", + "alertTriggerThreshold": 0, + "suppressionDuration": "01:00:00", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json new file mode 100644 index 000000000000..905e130d8e6e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + }, + "responses": { + "200": { + "body": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "01:00:00", + "queryPeriod": "3.12:00:00", + "alertTriggerOperator": "gt", + "alertTriggerThreshold": 0, + "suppressionDuration": "01:00:00", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + ] + } + } +} \ No newline at end of file From 12beca7e66715be64ccc2b885bf895824179c34c Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Thu, 24 Jan 2019 17:07:22 +0200 Subject: [PATCH 14/20] Update the name alertRule to alertScheduledtRule in the creation example --- .../2019-01-01-preview/examples/CreateScheduledAlertRule.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json index d4e8a2ca734c..65da7b4fbe1c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -6,7 +6,7 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { + "alertScheduledtRule": { "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "type": "Microsoft.SecurityInsights/alertRules", From 1d1029b373596e1dfe05b66fce115d5fd4b5ea57 Mon Sep 17 00:00:00 2001 From: nirgafni Date: Fri, 25 Jan 2019 18:31:11 +0200 Subject: [PATCH 15/20] Fixing comments from PR- * Changing durations to fit standards * Changing operators to fit other RPs * Align naming to scheduledAlertRules * Adding 200 response to DeleteScheduledAlertRule --- .../2019-01-01-preview/SecurityInsights.json | 28 +++++++++----- .../examples/CreateScheduledAlertRule.json | 38 +++++++++---------- .../examples/DeleteScheduledAlertRule.json | 2 + .../examples/GetScheduledAlertRuleById.json | 12 +++--- .../examples/GetScheduledAlertRules.json | 12 +++--- 5 files changed, 51 insertions(+), 41 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 6d640194f1f2..e82200822ab4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -241,6 +241,9 @@ } ], "responses": { + "200": { + "description": "OK" + }, "204": { "description": "No Content" }, @@ -405,26 +408,31 @@ }, "queryFrequency": { "type": "string", - "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", - "description": "TimeSpan format represents the frequncy for this alert rule to run." + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." }, "queryPeriod": { "type": "string", - "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", - "description": "TimeSpan format represents the period that this alert rule looks at." + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." }, "alertTriggerOperator": { "type": "string", - "enum": ["gt", "lt", "ne", "eq"], + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], "x-ms-enum": { "name": "AlertTriggerOperator", "modelAsString": false }, - "description": "The operation against the threahold that triggers alert rule." + "description": "The operation against the threshold that triggers alert rule." }, "alertTriggerThreshold": { "type": "integer", - "description": "The threahold triggers this alert rule." + "description": "The threshold triggers this alert rule." }, "suppressionEnabled": { "type": "boolean", @@ -432,8 +440,8 @@ }, "suppressionDuration": { "type": "string", - "pattern": "^(\\d+\\.)?\\d{2}\\:\\d{2}\\:\\d{2}$", - "description": "TimeSpan format represents the suppression to wait since last time this alert rule been triggered." + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." }, "lastModifiedUtc": { "type": "string", @@ -535,7 +543,7 @@ "x-ms-parameter-location": "method" }, "ScheduledAlertRule": { - "name": "alertScheduledtRule", + "name": "scheduledAlertRule", "in": "body", "description": "The alert rule", "required": true, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json index 65da7b4fbe1c..5beb52c75de2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -6,10 +6,10 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertScheduledtRule": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "scheduledAlertRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", + "type": "Microsoft.SecurityInsights/scheduledAlertRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -17,11 +17,11 @@ "severity": "High", "enabled": true, "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "01:00:00", - "queryPeriod": "3.12:00:00", - "alertTriggerOperator": "gt", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "alertTriggerOperator": "GreaterThan", "alertTriggerThreshold": 0, - "suppressionDuration": "01:00:00", + "suppressionDuration": "PT1H", "suppressionEnabled": false } } @@ -29,9 +29,9 @@ "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", + "type": "Microsoft.SecurityInsights/scheduledAlertRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -39,11 +39,11 @@ "severity": "High", "enabled": true, "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "01:00:00", - "queryPeriod": "3.12:00:00", - "alertTriggerOperator": "gt", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "alertTriggerOperator": "GreaterThan", "alertTriggerThreshold": 0, - "suppressionDuration": "01:00:00", + "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" } @@ -51,9 +51,9 @@ }, "201": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", + "type": "Microsoft.SecurityInsights/scheduledAlertRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -61,11 +61,11 @@ "severity": "High", "enabled": true, "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "01:00:00", - "queryPeriod": "3.12:00:00", - "alertTriggerOperator": "gt", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "alertTriggerOperator": "GreaterThan", "alertTriggerThreshold": 0, - "suppressionDuration": "01:00:00", + "suppressionDuration": "PT1H", "suppressionEnabled": false } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json index a7a67097c14c..17f6dfb42ea8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json @@ -8,6 +8,8 @@ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" }, "responses": { + "200": { + }, "204":{ } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json index 73f71b9295f9..738c5063ad43 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json @@ -10,9 +10,9 @@ "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", + "type": "Microsoft.SecurityInsights/scheduledAlertRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -20,11 +20,11 @@ "severity": "High", "enabled": true, "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "01:00:00", - "queryPeriod": "3.12:00:00", - "alertTriggerOperator": "gt", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "alertTriggerOperator": "GreaterThan", "alertTriggerThreshold": 0, - "suppressionDuration": "01:00:00", + "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json index 905e130d8e6e..7e8e9f7148db 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json @@ -10,9 +10,9 @@ "200": { "body": [ { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", + "type": "Microsoft.SecurityInsights/scheduledAlertRules", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -20,11 +20,11 @@ "severity": "High", "enabled": true, "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "01:00:00", - "queryPeriod": "3.12:00:00", - "alertTriggerOperator": "gt", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "alertTriggerOperator": "GreaterThan", "alertTriggerThreshold": 0, - "suppressionDuration": "01:00:00", + "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" } From 863597a2d95c742d9d7925fc391cb4f11105e95b Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Mon, 28 Jan 2019 07:59:40 +0200 Subject: [PATCH 16/20] Changing naming- alertTriggerOperator => triggerOperator alertTriggerThreshold => triggerThreshold --- .../preview/2019-01-01-preview/SecurityInsights.json | 10 +++++----- .../examples/CreateScheduledAlertRule.json | 12 ++++++------ .../examples/GetScheduledAlertRuleById.json | 4 ++-- .../examples/GetScheduledAlertRules.json | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index e82200822ab4..bb72f0240370 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -416,7 +416,7 @@ "format": "duration", "description": "The period (in ISO 8601 duration format) that this alert rule looks at." }, - "alertTriggerOperator": { + "triggerOperator": { "type": "string", "enum": [ "GreaterThan", @@ -425,12 +425,12 @@ "NotEqual" ], "x-ms-enum": { - "name": "AlertTriggerOperator", + "name": "triggerOperator", "modelAsString": false }, "description": "The operation against the threshold that triggers alert rule." }, - "alertTriggerThreshold": { + "triggerThreshold": { "type": "integer", "description": "The threshold triggers this alert rule." }, @@ -457,8 +457,8 @@ "query", "queryFrequency", "queryPeriod", - "alertTriggerOperator", - "alertTriggerThreshold", + "triggerOperator", + "triggerThreshold", "suppressionEnabled", "suppressionDuration" ] diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json index 5beb52c75de2..90ee418b5349 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -19,8 +19,8 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "alertTriggerOperator": "GreaterThan", - "alertTriggerThreshold": 0, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, "suppressionDuration": "PT1H", "suppressionEnabled": false } @@ -41,8 +41,8 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "alertTriggerOperator": "GreaterThan", - "alertTriggerThreshold": 0, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" @@ -63,8 +63,8 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "alertTriggerOperator": "GreaterThan", - "alertTriggerThreshold": 0, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, "suppressionDuration": "PT1H", "suppressionEnabled": false } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json index 738c5063ad43..c860fafe69d1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json @@ -22,8 +22,8 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "alertTriggerOperator": "GreaterThan", - "alertTriggerThreshold": 0, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json index 7e8e9f7148db..9cf73834e507 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json @@ -22,8 +22,8 @@ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", "queryFrequency": "PT1H", "queryPeriod": "P2DT1H30M", - "alertTriggerOperator": "GreaterThan", - "alertTriggerThreshold": 0, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, "suppressionDuration": "PT1H", "suppressionEnabled": false, "lastModifiedUtc": "2019-01-01T13:15:30Z" From 573869de582350c81ae8c39877c2a170ac85cbfd Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Mon, 28 Jan 2019 09:18:15 +0200 Subject: [PATCH 17/20] Adding kind to AlertRule and making Scheduled as a specific kind --- .../2019-01-01-preview/SecurityInsights.json | 99 +++++++++++++------ .../examples/CreateScheduledAlertRule.json | 17 ++-- .../examples/GetScheduledAlertRuleById.json | 5 +- .../examples/GetScheduledAlertRules.json | 5 +- 4 files changed, 84 insertions(+), 42 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index bb72f0240370..1e5ba4aa49bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -59,7 +59,7 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/scheduledAlertRules": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { "get": { "x-ms-examples": { "Get all scheduled alert rules.": { @@ -67,10 +67,10 @@ } }, "tags": [ - "Scheduled Alert Rules" + "Alert Rules" ], - "description": "Gets all scheduled alert rules.", - "operationId": "ScheduledAlertRules_List", + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -92,7 +92,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ScheduledAlertRulesList" + "$ref": "#/definitions/AlertRulesList" } }, "default": { @@ -107,7 +107,7 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/scheduledAlertRules/{ruleId}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { "get": { "x-ms-examples": { "Get a scheduled alert rule.": { @@ -115,10 +115,10 @@ } }, "tags": [ - "Scheduled Alert Rules" + "Alert Rules" ], - "description": "Gets a scheduled alert rule.", - "operationId": "ScheduledAlertRules_Get", + "description": "Gets a alert rule.", + "operationId": "AlertRules_Get", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -143,7 +143,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ScheduledAlertRule" + "$ref": "#/definitions/AlertRule" } }, "default": { @@ -161,10 +161,10 @@ } }, "tags": [ - "Scheduled Alert Rules" + "Alert Rules" ], "description": "Creates or updates the alert rule.", - "operationId": "ScheduledAlertRules_Create", + "operationId": "AlertRules_Create", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -185,20 +185,20 @@ "$ref": "#/parameters/RuleId" }, { - "$ref": "#/parameters/ScheduledAlertRule" + "$ref": "#/parameters/AlertRule" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ScheduledAlertRule" + "$ref": "#/definitions/AlertRule" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/ScheduledAlertRule" + "$ref": "#/definitions/AlertRule" } }, "default": { @@ -216,10 +216,10 @@ } }, "tags": [ - "Scheduled Alert Rules" + "Alert Rules" ], "description": "Delete the alert rule.", - "operationId": "ScheduledAlertRules_Delete", + "operationId": "AlertRules_Delete", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -337,19 +337,19 @@ } } }, - "ScheduledAlertRulesList":{ - "description": "List all the scheduled alert rules.", + "AlertRulesList":{ + "description": "List all the alert rules.", "properties": { "nextLink": { "readOnly": true, - "description": "URL to fetch the next set of scheduled alert rules.", + "description": "URL to fetch the next set of alert rules.", "type": "string" }, "value": { - "description": "Array of scheduled alert rules.", + "description": "Array of alert rules.", "type": "array", "items": { - "$ref": "#/definitions/ScheduledAlertRule" + "$ref": "#/definitions/AlertRule" } } }, @@ -357,26 +357,63 @@ "value" ] }, - "ScheduledAlertRule": { + "AlertRule": { "type": "object", "description": "Alert rule.", "allOf": [ { "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/AlertRuleKind" } ], "properties": { "etag": { "type": "string", "description": "Etag of the alert rule." - }, - "properties": { - "x-ms-client-flatten": true, - "description": "Alert rule properties", - "$ref": "#/definitions/ScheduledAlertRuleProperties" } } }, + "AlertRuleKind": { + "type": "object", + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the alert rule", + "enum": [ + "Scheduled" + ], + "x-ms-enum": { + "name": "AlertRuleKind", + "modelAsString": true, + "values": [ + { + "value": "Scheduled" + } + ] + } + } + } + }, + "ScheduledAlertRule": { + "x-ms-discriminator-value": "Scheduled", + "type": "object", + "description": "Represents scheduled alert rule.", + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Scheduled alert rule properties", + "$ref": "#/definitions/ScheduledAlertRuleProperties" + } + } + }, "ScheduledAlertRuleProperties": { "type": "object", "description": "Alert rule property bag.", @@ -542,13 +579,13 @@ "description": "Alert rule ID", "x-ms-parameter-location": "method" }, - "ScheduledAlertRule": { - "name": "scheduledAlertRule", + "AlertRule": { + "name": "AlertRule", "in": "body", "description": "The alert rule", "required": true, "schema": { - "$ref": "#/definitions/ScheduledAlertRule" + "$ref": "#/definitions/AlertRule" }, "x-ms-parameter-location": "method" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json index 90ee418b5349..c607352ac94a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -6,10 +6,11 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "scheduledAlertRule": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/scheduledAlertRules", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -29,9 +30,10 @@ "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/scheduledAlertRules", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", @@ -51,9 +53,10 @@ }, "201": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/scheduledAlertRules", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json index c860fafe69d1..78e1755dd733 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json @@ -10,9 +10,10 @@ "responses": { "200": { "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/scheduledAlertRules", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json index 9cf73834e507..57767b28358e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json @@ -10,9 +10,10 @@ "200": { "body": [ { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/scheduledAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/scheduledAlertRules", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "ruleName": "Rule2", From 27d8376898b34d8f7a3c1a0f31ba53ca217afa57 Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Mon, 28 Jan 2019 11:50:13 +0200 Subject: [PATCH 18/20] Fix some errors --- .../preview/2019-01-01-preview/SecurityInsights.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 1e5ba4aa49bc..a362342f53ee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -362,7 +362,7 @@ "description": "Alert rule.", "allOf": [ { - "$ref": "#/definitions/Resource" + "$ref": "#/definitions/Resource" }, { "$ref": "#/definitions/AlertRuleKind" @@ -408,7 +408,6 @@ ], "properties": { "properties": { - "x-ms-client-flatten": true, "description": "Scheduled alert rule properties", "$ref": "#/definitions/ScheduledAlertRuleProperties" } @@ -580,7 +579,7 @@ "x-ms-parameter-location": "method" }, "AlertRule": { - "name": "AlertRule", + "name": "alertRule", "in": "body", "description": "The alert rule", "required": true, From 0f74576d2fa0ae3526c5f42c39de849ddce62396 Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Tue, 29 Jan 2019 07:51:57 +0200 Subject: [PATCH 19/20] Trying to solve the model validator issues --- .../preview/2019-01-01-preview/SecurityInsights.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index a362342f53ee..5f8821bf31f4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -360,6 +360,7 @@ "AlertRule": { "type": "object", "description": "Alert rule.", + "discriminator": "kind", "allOf": [ { "$ref": "#/definitions/Resource" @@ -408,6 +409,7 @@ ], "properties": { "properties": { + "x-ms-client-flatten": true, "description": "Scheduled alert rule properties", "$ref": "#/definitions/ScheduledAlertRuleProperties" } From 831ec101fa72c361773b8380c3ef488383cc66e8 Mon Sep 17 00:00:00 2001 From: nirgfani <46276114+nirgfani@users.noreply.github.com> Date: Tue, 29 Jan 2019 09:34:06 +0200 Subject: [PATCH 20/20] Fixing indentation --- .../2019-01-01-preview/SecurityInsights.json | 1123 +++++++++-------- 1 file changed, 564 insertions(+), 559 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 5f8821bf31f4..61c26d7174b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -1,594 +1,599 @@ { - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2019-01-01-preview" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/providers/Microsoft.SecurityInsights/operations": { - "get": { - "operationId": "Operations_List", - "description": "Lists all operations available Azure Security Insights Resource Provider.", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - } - ], - "produces": [ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ "application/json" - ], - "responses": { - "200": { - "description": "OK. Successfully retrieved operations list.", - "schema": { - "$ref": "#/definitions/operationsList" - } + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { - "get": { - "x-ms-examples": { - "Get all scheduled alert rules.": { - "$ref": "./examples/GetScheduledAlertRules.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets all alert rules.", - "operationId": "AlertRules_List", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/AlertRulesList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" } - } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { - "get": { - "x-ms-examples": { - "Get a scheduled alert rule.": { - "$ref": "./examples/GetScheduledAlertRuleById.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets a alert rule.", - "operationId": "AlertRules_Get", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" - } - } - } - }, - "put": { - "x-ms-examples": { - "Creates or updates a scheduled alert rule.": { - "$ref": "./examples/CreateScheduledAlertRule.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Creates or updates the alert rule.", - "operationId": "AlertRules_Create", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/AlertRule" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AlertRule" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/operationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } } - } - } - }, - "delete": { - "x-ms-examples": { - "Delete a scheduled alert rule.": { - "$ref": "./examples/DeleteScheduledAlertRule.json" - } }, - "tags": [ - "Alert Rules" - ], - "description": "Delete the alert rule.", - "operationId": "AlertRules_Delete", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK" - }, - "204": { - "description": "No Content" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all scheduled alert rules.": { + "$ref": "./examples/GetScheduledAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } } - } - } - } - } - }, - "definitions": { - "operation": { - "description": "Operation provided by provider", - "properties": { - "name": { - "type": "string", - "description": "Name of the operation" - }, - "display": { - "type": "object", - "description": "Properties of the operation", - "properties": { - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" - }, - "operation": { - "type": "string", - "description": "Operation name" - }, - "description": { - "type": "string", - "description": "Description of the operation" - } - } - } - } - }, - "operationsList": { - "description": "Lists the operations available in the SecurityInsights RP.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of operations.", - "type": "string" }, - "value": { - "description": "Array of operations", - "type": "array", - "items": { - "$ref": "#/definitions/operation" - } - } - }, - "required": [ - "value" - ] - }, - "CloudError": { - "x-ms-external": true, - "type": "object", - "description": "Error response structure.", - "properties": { - "error": { - "x-ms-client-flatten": true, - "description": "Error data", - "$ref": "#/definitions/CloudErrorBody" - } - } - }, - "CloudErrorBody": { - "x-ms-external": true, - "type": "object", - "description": "Error details.", - "properties": { - "code": { - "readOnly": true, - "type": "string", - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." - }, - "message": { - "readOnly": true, - "type": "string", - "description": "A message describing the error, intended to be suitable for display in a user interface." - } - } - }, - "AlertRulesList":{ - "description": "List all the alert rules.", - "properties": { - "nextLink": { - "readOnly": true, - "description": "URL to fetch the next set of alert rules.", - "type": "string" - }, - "value": { - "description": "Array of alert rules.", - "type": "array", - "items": { - "$ref": "#/definitions/AlertRule" - } - } - }, - "required": [ - "value" - ] - }, - "AlertRule": { - "type": "object", - "description": "Alert rule.", - "discriminator": "kind", - "allOf": [ - { - "$ref": "#/definitions/Resource" - }, - { - "$ref": "#/definitions/AlertRuleKind" - } - ], - "properties": { - "etag": { - "type": "string", - "description": "Etag of the alert rule." - } - } - }, - "AlertRuleKind": { - "type": "object", - "description": "Describes an Azure resource with kind.", - "properties": { - "kind": { - "type": "string", - "description": "The kind of the alert rule", - "enum": [ - "Scheduled" + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a scheduled alert rule.": { + "$ref": "./examples/GetScheduledAlertRuleById.json" + } + }, + "tags": [ + "Alert Rules" ], - "x-ms-enum": { - "name": "AlertRuleKind", - "modelAsString": true, - "values": [ - { - "value": "Scheduled" + "description": "Gets a alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a scheduled alert rule.": { + "$ref": "./examples/CreateScheduledAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_Create", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" } - ] + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a scheduled alert rule.": { + "$ref": "./examples/DeleteScheduledAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } } } } }, - "ScheduledAlertRule": { - "x-ms-discriminator-value": "Scheduled", - "type": "object", - "description": "Represents scheduled alert rule.", - "allOf": [ - { - "$ref": "#/definitions/AlertRule" + "definitions": { + "operation": { + "description": "Operation provided by provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the operation" + }, + "display": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "description": { + "type": "string", + "description": "Description of the operation" + } + } + } } - ], - "properties": { + }, + "operationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "type": "array", + "items": { + "$ref": "#/definitions/operation" + } + } + }, + "required": [ + "value" + ] + }, + "CloudError": { + "x-ms-external": true, + "type": "object", + "description": "Error response structure.", "properties": { - "x-ms-client-flatten": true, - "description": "Scheduled alert rule properties", - "$ref": "#/definitions/ScheduledAlertRuleProperties" + "error": { + "x-ms-client-flatten": true, + "description": "Error data", + "$ref": "#/definitions/CloudErrorBody" + } } - } - }, - "ScheduledAlertRuleProperties": { - "type": "object", - "description": "Alert rule property bag.", - "properties": { - "ruleName": { - "type": "string", - "description": "The name for alerts created by this alert rule." }, - "description": { - "type": "string", - "description": "The description of the alert rule." + "CloudErrorBody": { + "x-ms-external": true, + "type": "object", + "description": "Error details.", + "properties": { + "code": { + "readOnly": true, + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "readOnly": true, + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + } }, - "severity": { - "type": "string", - "enum": ["Low", "Medium", "High", "Informational"], - "x-ms-enum": { - "name": "Severity", - "modelAsString": false - }, - "description": "The severity for alerts created by this alert rule." + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of alert rules.", + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "type": "array", + "items": { + "$ref": "#/definitions/AlertRule" + } + } + }, + "required": [ + "value" + ] }, - "enabled": { - "type": "boolean", - "description": "Determines whether this alert rule is enabled or disabled." + "AlertRule": { + "type": "object", + "description": "Alert rule.", + "discriminator": "kind", + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/AlertRuleKind" + } + ], + "properties": { + "etag": { + "type": "string", + "description": "Etag of the alert rule." + } + } }, - "query": { - "type": "string", - "description": "The query that creates alerts for this rule." + "AlertRuleKind": { + "type": "object", + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the alert rule", + "enum": [ + "Scheduled" + ], + "x-ms-enum": { + "name": "AlertRuleKind", + "modelAsString": true, + "values": [ + { + "value": "Scheduled" + } + ] + } + } + } }, - "queryFrequency": { - "type": "string", - "format": "duration", - "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + "ScheduledAlertRule": { + "x-ms-discriminator-value": "Scheduled", + "type": "object", + "description": "Represents scheduled alert rule.", + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Scheduled alert rule properties", + "$ref": "#/definitions/ScheduledAlertRuleProperties" + } + } }, - "queryPeriod": { - "type": "string", - "format": "duration", - "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + "ScheduledAlertRuleProperties": { + "type": "object", + "description": "Alert rule property bag.", + "properties": { + "ruleName": { + "type": "string", + "description": "The name for alerts created by this alert rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "severity": { + "type": "string", + "enum": [ + "Low", + "Medium", + "High", + "Informational" + ], + "x-ms-enum": { + "name": "Severity", + "modelAsString": false + }, + "description": "The severity for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "triggerOperator": { + "type": "string", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "x-ms-enum": { + "name": "triggerOperator", + "modelAsString": false + }, + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "description": "The threshold triggers this alert rule." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "suppressionDuration": { + "type": "string", + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + }, + "lastModifiedUtc": { + "type": "string", + "readOnly": true, + "description": "The last time that this alert has been modified." + } + }, + "required": [ + "ruleName", + "description", + "severity", + "enabled", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ] }, - "triggerOperator": { - "type": "string", - "enum": [ - "GreaterThan", - "LessThan", - "Equal", - "NotEqual" - ], - "x-ms-enum": { - "name": "triggerOperator", - "modelAsString": false - }, - "description": "The operation against the threshold that triggers alert rule." + "Resource": { + "x-ms-azure-resource": true, + "description": "An azure resource object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Azure resource Id" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "Azure resource type" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Azure resource name" + } + } + } + }, + "parameters": { + "SubscriptionId": { + "name": "subscriptionId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure subscription ID" }, - "triggerThreshold": { - "type": "integer", - "description": "The threshold triggers this alert rule." + "ResourceGroupName": { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" }, - "suppressionEnabled": { - "type": "boolean", - "description": "Determines whether the suppression for this alert rule is enabled or disabled." + "ApiVersion": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "enum": [ + "2019-01-01-preview" + ], + "description": "API version for the operation" }, - "suppressionDuration": { - "type": "string", - "format": "duration", - "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + "OperationalInsightsResourceProvider": { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "x-ms-parameter-location": "method" }, - "lastModifiedUtc": { - "type": "string", - "readOnly": true, - "description": "The last time that this alert has been modified." - } - }, - "required": [ - "ruleName", - "description", - "severity", - "enabled", - "query", - "queryFrequency", - "queryPeriod", - "triggerOperator", - "triggerThreshold", - "suppressionEnabled", - "suppressionDuration" - ] - }, - "Resource": { - "x-ms-azure-resource": true, - "description": "An azure resource object", - "properties": { - "id": { - "type": "string", - "readOnly": true, - "description": "Azure resource Id" + "WorkspaceName": { + "name": "workspaceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the workspace.", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" }, - "type": { - "type": "string", - "readOnly": true, - "description": "Azure resource type" + "RuleId": { + "name": "ruleId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Alert rule ID", + "x-ms-parameter-location": "method" }, - "name": { - "type": "string", - "readOnly": true, - "description": "Azure resource name" + "AlertRule": { + "name": "alertRule", + "in": "body", + "description": "The alert rule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" } - } - } - }, - "parameters": { - "SubscriptionId": { - "name": "subscriptionId", - "in": "path", - "required": true, - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Azure subscription ID" - }, - "ResourceGroupName": { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "pattern": "^[-\\w\\._\\(\\)]+$", - "minLength": 1, - "maxLength": 90, - "x-ms-parameter-location": "method" - }, - "ApiVersion": { - "name": "api-version", - "in": "query", - "required": true, - "type": "string", - "enum": [ - "2019-01-01-preview" - ], - "description": "API version for the operation" - }, - "OperationalInsightsResourceProvider": { - "name": "operationalInsightsResourceProvider", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "x-ms-parameter-location": "method" - }, - "WorkspaceName": { - "name": "workspaceName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the workspace.", - "minLength": 1, - "maxLength": 90, - "x-ms-parameter-location": "method" - }, - "RuleId": { - "name": "ruleId", - "in": "path", - "required": true, - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Alert rule ID", - "x-ms-parameter-location": "method" - }, - "AlertRule": { - "name": "alertRule", - "in": "body", - "description": "The alert rule", - "required": true, - "schema": { - "$ref": "#/definitions/AlertRule" - }, - "x-ms-parameter-location": "method" } - } } \ No newline at end of file