From 915b74e0067eac31af7af90a3cd139f5ebd14311 Mon Sep 17 00:00:00 2001 From: Dor Segal Date: Tue, 10 Dec 2019 20:15:47 +0200 Subject: [PATCH 1/2] added new entity type + updated examples --- .../2019-01-01-preview/SecurityInsights.json | 85 +++++++++++++++++++ .../entities/GetAzureResourceEntityById.json | 2 +- .../entities/GetIoTDeviceEntityById.json | 25 ++++++ .../entities/GetSecurityGroupEntityById.json | 2 +- 4 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index e7d8ee703546..18bc3b02d126 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -1914,6 +1914,9 @@ }, "Get a url entity.": { "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" } }, "tags": [ @@ -4073,6 +4076,7 @@ "RegistryValue", "SecurityGroup", "Url", + "IoTDevice", "SecurityAlert", "Bookmark" ], @@ -4137,6 +4141,10 @@ "description": "Entity represents url in the system.", "value": "Url" }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, { "description": "Entity represents security alert in the system.", "value": "SecurityAlert" @@ -4165,6 +4173,7 @@ "RegistryValue", "SecurityGroup", "URL", + "IoTDevice", "SecurityAlert", "HuntingBookmark" ], @@ -4229,6 +4238,10 @@ "description": "Entity represents url in the system.", "value": "URL" }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, { "description": "Entity represents security alert in the system.", "value": "SecurityAlert" @@ -6297,6 +6310,78 @@ }, "type": "object" }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, "UserInfo": { "description": "User information that made some action", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json index 97929b3d5a02..d630c9f4f3ec 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -15,7 +15,7 @@ "type": "Microsoft.SecurityInsights/entities", "kind": "AzureResource", "properties": { - "friendlyName": "Resource", + "friendlyName": "vm1", "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1" } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json new file mode 100644 index 000000000000..037fdaa249f1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "IoTDevice", + "properties": { + "friendlyName": "device1", + "deviceId": "device1", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json index 856ea6f4465d..181fb12aeb9b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -15,7 +15,7 @@ "type": "Microsoft.SecurityInsights/entities", "kind": "SecurityGroup", "properties": { - "friendlyName": "Group", + "friendlyName": "Name", "distinguishedName": "Name", "sid": "Sid", "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98" From ed3a086407475e6dce08ff9e6ab66c40313181f5 Mon Sep 17 00:00:00 2001 From: Dor Segal Date: Tue, 10 Dec 2019 22:01:41 +0200 Subject: [PATCH 2/2] fixed test error --- .../2019-01-01-preview/SecurityInsights.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 18bc3b02d126..28375f14fcf9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -2677,6 +2677,9 @@ } } }, + "required": [ + "kind" + ], "type": "object" }, "AlertRule": { @@ -2720,6 +2723,9 @@ } } }, + "required": [ + "kind" + ], "type": "object" }, "AlertRuleTemplate": { @@ -3866,6 +3872,9 @@ } } }, + "required": [ + "kind" + ], "type": "object" }, "DataConnectorList": { @@ -4261,6 +4270,9 @@ "description": "The kind of the entity." } }, + "required": [ + "kind" + ], "type": "object" }, "EntityList": { @@ -6111,6 +6123,9 @@ } } }, + "required": [ + "kind" + ], "type": "object" }, "TIDataConnector": {