From b504a0d95d6e5986f1a536f58594a3442b004042 Mon Sep 17 00:00:00 2001 
From: Nitsan Bracha Date: Tue, 3 Mar 2020 09:26:42 +0200 Subject: [PATCH 01/12] Adding new stable alerts API version 2020-01-01. This updated version contains new alert (return value) schema, and a new state: "resolved". --- .../stable/2020-01-01/alerts.json | 997 ++++++++++++++++++ ...GetAlertResourceGroupLocation_example.json | 72 ++ .../GetAlertSubscriptionLocation_example.json | 71 ++ ...etAlertsResourceGroupLocation_example.json | 73 ++ .../GetAlertsResourceGroup_example.json | 72 ++ .../Alerts/GetAlertsSubscription_example.json | 172 +++ ...etAlertsSubscriptionsLocation_example.json | 173 +++ ...ateAlertResourceGroupLocation_example.json | 13 + ...ResourceGroupLocation_resolve_example.json | 13 + ...dateAlertSubscriptionLocation_example.json | 12 + ...tSubscriptionLocation_resolve_example.json | 12 + 11 files changed, 1680 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json create mode 100644 
specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_resolve_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_resolve_example.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json new file mode 100644 index 000000000000..4d743b708963 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json 
@@ -0,0 +1,997 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) alerts resource provider", + "version": "2020-01-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [{ + "azure_auth": [ + "user_impersonation" + ] + }], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts": { + "get": { + "x-ms-examples": { + "Get security alerts on a subscription": { + "$ref": "./examples/Alerts/GetAlertsSubscription_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "List all the alerts that are associated with the subscription", + "operationId": "Alerts_List", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataSelect" + }, + { + "$ref": "#/parameters/ODataExpand" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/alerts": { + "get": { + "x-ms-examples": { + "Get security alerts on a resource group": { + "$ref": 
"./examples/Alerts/GetAlertsResourceGroup_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "List all the alerts that are associated with the resource group", + "operationId": "Alerts_ListByResourceGroup", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataSelect" + }, + { + "$ref": "#/parameters/ODataExpand" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts": { + "get": { + "x-ms-examples": { + "Get security alerts on a subscription from a security data location": { + "$ref": "./examples/Alerts/GetAlertsSubscriptionsLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "List all the alerts that are associated with the subscription that are stored in a specific location", + "operationId": "Alerts_ListSubscriptionLevelByRegion", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataSelect" + }, + { + "$ref": "#/parameters/ODataExpand" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertList" + } + }, + "default": { + "description": "Error 
response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts": { + "get": { + "x-ms-examples": { + "Get security alerts on a resource group from a security data location": { + "$ref": "./examples/Alerts/GetAlertsResourceGroupLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "List all the alerts that are associated with the resource group that are stored in a specific location", + "operationId": "Alerts_ListResourceGroupLevelByRegion", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataSelect" + }, + { + "$ref": "#/parameters/ODataExpand" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}": { + "get": { + "x-ms-examples": { + "Get security alert on a subscription from a security data location": { + "$ref": "./examples/Alerts/GetAlertSubscriptionLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Get an alert that is associated with a subscription", + "operationId": 
"Alerts_GetSubscriptionLevel", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Alert" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}": { + "get": { + "x-ms-examples": { + "Get security alert on a resource group from a security data location": { + "$ref": "./examples/Alerts/GetAlertResourceGroupLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Get an alert that is associated a resource group or a resource in a resource group", + "operationId": "Alerts_GetResourceGroupLevel", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Alert" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss": { + "post": { + "x-ms-examples": { + "Update security alert state on a subscription 
from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertSubscriptionLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateSubscriptionLevelStateToDismiss", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/resolve": { + "post": { + "x-ms-examples": { + "Update security alert state on a subscription from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertSubscriptionLocation_resolve_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateSubscriptionLevelStateToResolve", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate": { + "post": { + "x-ms-examples": { + "Update security alert state on a 
subscription from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertSubscriptionLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateSubscriptionLevelStateToReactivate", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/resolve": { + "post": { + "x-ms-examples": { + "Update security alert state on a resource group from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertResourceGroupLocation_resolve_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateResourceGroupLevelStateToResolve", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss": { + "post": { + "x-ms-examples": { + "Update security alert state on a resource group from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertResourceGroupLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateResourceGroupLevelStateToDismiss", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate": { + "post": { + "x-ms-examples": { + "Update security alert state on a resource group from a security data location": { + "$ref": "./examples/Alerts/UpdateAlertResourceGroupLocation_example.json" + } + }, + "tags": [ + "Alerts" + ], + "description": "Update the alert's state", + "operationId": "Alerts_UpdateResourceGroupLevelStateToReactivate", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/AscLocation" + }, + { + "$ref": "#/parameters/AlertName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + 
"responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Alert": { + "type": "object", + "description": "Security alert", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "describes security alert properties.", + "$ref": "#/definitions/AlertProperties" + } + }, + "allOf": [{ + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }] + }, + "AlertEntity": { + "type": "object", + "additionalProperties": true, + "description": "Changing set of properties depending on the entity type.", + "properties": { + "type": { + "readOnly": true, + "type": "string", + "description": "Type of entity" + } + } + }, + "AlertExtendedLinks": { + "type": "object", + "additionalProperties": true, + "description": "Links related to the alert" + }, + "AlertExtendedProperties": { + "type": "object", + "additionalProperties": true, + "description": "Custom properties for the alert." + }, + "AlertList": { + "type": "object", + "description": "List of security alerts", + "properties": { + "value": { + "type": "array", + "description": "describes security alert properties.", + "items": { + "$ref": "#/definitions/Alert" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "AlertProperties": { + "type": "object", + "description": "describes security alert properties.", + "properties": { + "alertType": { + "readOnly": true, + "type": "string", + "description": "Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType)." + }, + "systemAlertId": { + "readOnly": true, + "type": "string", + "description": "Unique identifier for the alert." 
+ }, + "productComponentName": { + "readOnly": true, + "type": "string", + "description": "The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing" + }, + "alertDisplayName": { + "readOnly": true, + "type": "string", + "description": "The display name of the alert." + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspicious activity that was detected." + }, + "severity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "severity", + "modelAsString": true, + "values": [{ + "value": "Informational", + "description": "Informational" + }, + { + "value": "Low", + "description": "Low" + }, + { + "value": "Medium", + "description": "Medium" + }, + { + "value": "High", + "description": "High" + } + ] + }, + "description": "The risk level of the threat that was detected. Possible Values: Informational, Low, Medium, and High. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified." + }, + "intent": { + "readOnly": true, + "type": "string", + "enum": [ + "Unknown", + "PreAttack", + "InitialAccess", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "Probing", + "Exploitation" + ], + "x-ms-enum": { + "name": "intent", + "modelAsString": true, + "values": [{ + "value": "Unknown", + "description": "Unknown" + }, + { + "value": "PreAttack", + "description": "PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. 
This step is usually detected as an attempt, originating from outside the network, to scan the target system and find a way in. Further details on the PreAttack stage can be read in [MITRE Pre-Att&ck matrix](https://attack.mitre.org/matrices/pre/)." + }, + { + "value": "InitialAccess", + "description": "InitialAccess is the stage where an attacker manages to get foothold on the attacked resource." + }, + { + "value": "Persistence", + "description": "Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system." + }, + { + "value": "PrivilegeEscalation", + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network." + }, + { + "value": "DefenseEvasion", + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses." + }, + { + "value": "CredentialAccess", + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment." + }, + { + "value": "Discovery", + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network." + }, + { + "value": "LateralMovement", + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems." + }, + { + "value": "Execution", + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system." + }, + { + "value": "Collection", + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration." 
+ }, + { + "value": "Exfiltration", + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network." + }, + { + "value": "CommandAndControl", + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network." + }, + { + "value": "Impact", + "description": "Impact events primarily try to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process." + }, + { + "value": "Probing", + "description": "Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation." + }, + { + "value": "Exploitation", + "description": "Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc." + } + ] + }, + "description": "The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents." + }, + "startTimeUtc": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The UTC time of the first event or activity included in the alert in ISO8601 format." + }, + "endTimeUtc": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The UTC time of the last event or activity included in the alert in ISO8601 format." + }, + "resourceIdentifiers": { + "readOnly": true, + "type": "array", + "description": "The resource identifiers for this alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). 
There can be multiple identifiers of different type per alert.", + "items": { + "$ref": "#/definitions/ResourceIdentifier" + } + }, + "remediationSteps": { + "readOnly": true, + "type": "array", + "description": "Manual action items to take to remediate the alert.", + "items": { + "readOnly": true, + "type": "string" + } + }, + "vendorName": { + "readOnly": true, + "type": "string", + "description": "The name of the vendor that raises the alert." + }, + "status": { + "readOnly": true, + "type": "string", + "enum": [ + "Active", + "Resolved", + "Dismissed" + ], + "x-ms-enum": { + "name": "status", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "An alert which doesn't specify a value is assigned the status 'Active'" + }, + { + "value": "Resolved", + "description": "Alert closed after handling" + }, + { + "value": "Dismissed", + "description": "Alert dismissed as false positive" + } + ] + }, + "description": "The life cycle status of the alert. Supported statuses are: Active, Resolved, Dismissed." + }, + "extendedLinks": { + "readOnly": true, + "type": "array", + "description": "Links related to the alert", + "items": { + "$ref": "#/definitions/AlertExtendedLinks" + } + }, + "alertUri": { + "readOnly": true, + "type": "string", + "description": "A direct link to the alert page in Azure Portal." + }, + "timeGenerated": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The UTC time the alert was generated in ISO8601 format." + }, + "productName": { + "readOnly": true, + "type": "string", + "description": "The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on)." + }, + "processingEndTime": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The UTC processing end time of the alert in ISO8601 format." 
+ }, + "entities": { + "readOnly": true, + "type": "array", + "description": "A list of entities related to the alert.", + "items": { + "$ref": "#/definitions/AlertEntity" + } + }, + "isIncident": { + "readOnly": true, + "type": "boolean", + "description": "This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert." + }, + "correlationKey": { + "readOnly": true, + "type": "string", + "description": "Key for corelating related alerts. Alerts with the same correlation key considered to be related." + }, + "extendedProperties": { + "$ref": "#/definitions/AlertExtendedProperties", + "description": "Custom properties for the alert." + }, + "compromisedEntity": { + "readOnly": true, + "type": "string", + "description": "The display name of the resource most related to this alert." + } + } + }, + "AzureResourceIdentifier": { + "type": "object", + "description": "Azure resource identifier.", + "x-ms-discriminator-value": "AzureResource", + "allOf": [{ + "$ref": "#/definitions/ResourceIdentifier" + }], + "properties": { + "azureResourceId": { + "readOnly": true, + "type": "string", + "description": "ARM resource identifier for the cloud resource being alerted on" + } + } + }, + "LogAnalyticsIdentifier": { + "type": "object", + "description": "Represents a Log Analytics workspace scope identifier.", + "x-ms-discriminator-value": "LogAnalytics", + "allOf": [{ + "$ref": "#/definitions/ResourceIdentifier" + }], + "properties": { + "workspaceId": { + "readOnly": true, + "type": "string", + "description": "The LogAnalytics workspace id that stores this alert." 
+ }, + "workspaceSubscriptionId": { + "readOnly": true, + "type": "string", + "description": "The azure subscription id for the LogAnalytics workspace storing this alert.", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$" + }, + "workspaceResourceGroup": { + "readOnly": true, + "type": "string", + "description": "The azure resource group for the LogAnalytics workspace storing this alert" + }, + "agentId": { + "readOnly": true, + "type": "string", + "description": "(optional) The LogAnalytics agent id reporting the event that this alert is based on." + } + } + }, + "ResourceIdentifier": { + "type": "object", + "description": "A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).", + "discriminator": "type", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "description": "There can be multiple identifiers of different type per alert, this field specify the identifier type.", + "enum": [ + "AzureResource", + "LogAnalytics" + ], + "x-ms-enum": { + "name": "ResourceIdentifierType", + "modelAsString": true, + "values": [{ + "value": "AzureResource" + }, + { + "value": "LogAnalytics" + } + ] + } + } + } + } + }, + "parameters": { + "ODataFilter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "OData filter. Optional.", + "x-ms-parameter-location": "method" + }, + "ODataSelect": { + "name": "$select", + "in": "query", + "required": false, + "type": "string", + "description": "OData select. Optional.", + "x-ms-parameter-location": "method" + }, + "ODataExpand": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "OData expand. 
Optional.", + "x-ms-parameter-location": "method" + }, + "AlertName": { + "name": "alertName", + "in": "path", + "required": true, + "type": "string", + "description": "Name of the alert object", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json new file mode 100644 index 000000000000..88d222bf9a5e --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json 
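Review bot: The six state-change operations (`…/dismiss`, `…/resolve`, `…/reactivate`, at subscription and resource-group level) all carry the same `"description": "Update the alert's state"`. Both `reactivate` operations also point `x-ms-examples` at the dismiss example files (`UpdateAlertSubscriptionLocation_example.json`, `UpdateAlertResourceGroupLocation_example.json`) under the same example title. These calls decide whether a security alert is still shown as open, so each description should name its transition, for example `"description": "Dismiss the alert (set its status to Dismissed)"` and `"description": "Resolve the alert (set its status to Resolved)"`. The target state of reactivate is presumably `Active`, but the spec does not say so. Separately, the `intent` description ends in a sentence fragment ("For list of supported values, and explanations of …"), and `extendedProperties` is the only alert property without `readOnly`; its `description` sits beside a `$ref`, where Swagger 2.0 tooling commonly ignores sibling keywords.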
@@ -0,0 +1,72 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "resourceGroupName": "myRg1",
+ "ascLocation": "westeurope",
+ "alertName": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+ "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+ "type": "Microsoft.Security/Locations/alerts",
+ "properties": {
+ "alertType": "VM_EICAR",
+ "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+ "productComponentName": "",
+ "alertDisplayName": "Azure Security Center test alert (not a threat)",
+ "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+ "severity": "High",
+ "intent": "Execution",
+ "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+ "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+ "resourceIdentifiers": [{
+ "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+ "Type": "AzureResource"
+ }, {
+ "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+ "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "WorkspaceResourceGroup": "myRg1",
+ "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+ "Type": "LogAnalytics"
+ }],
+ "remediationSteps": [
+ "No further action is needed."
+ ],
+ "vendorName": "Microsoft",
+ "status": "New",
+ "extendedLinks": [{
+ "Category": "threat_reports",
+ "Label": "Report: RDP Brute Forcing",
+ "Href": "https://contoso.com/reports/DisplayReport",
+ "Type": "webLink"
+ }],
+ "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+ "timeGenerated": "2020-02-23T13:47:58.0000000Z",
+ "productName": "Azure Security Center",
+ "processingEndTime": "2020-02-23T13:47:58.9205584Z",
+ "entities": [{
+ "address": "192.0.2.1",
+ "location": {
+ "countryCode": "gb",
+ "state": "wokingham",
+ "city": "sonning",
+ "longitude": -0.909,
+ "latitude": 51.468,
+ "asn": 6584
+ },
+ "type": "ip"
+ }],
+ "isIncident": true,
+ "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+ "extendedProperties": {
+ "Property1": "Property1 information"
+ },
+ "compromisedEntity": "vm1"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json
new file mode 100644
index 000000000000..816828044cc9
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json
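Review bot: The response `id` ends in `alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA` while `name`, `systemAlertId` and the request's `alertName` are all `2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a`, so the sample describes two different alerts; the last `id` segment should be the alert name. The `resourceIdentifiers` entries also use PascalCase keys (`"Type"`, `"AzureResourceId"`, `"WorkspaceId"`, `"AgentId"`), whereas the `ResourceIdentifier` schema in alerts.json declares a required camelCase discriminator `type` and camelCase properties such as `workspaceSubscriptionId`. JSON names are case-sensitive, so a client that routes alerts on `type` would not recognise these objects; the entries should read `"type": "AzureResource"` / `"type": "LogAnalytics"` with camelCase keys throughout. The same two problems repeat in GetAlertSubscriptionLocation_example.json (where the request `alertName` matches the `id` but not the `name`), GetAlertsResourceGroupLocation_example.json, GetAlertsResourceGroup_example.json, GetAlertsSubscription_example.json and GetAlertsSubscriptionsLocation_example.json.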
@@ -0,0 +1,71 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "ascLocation": "westeurope", + "alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "No further action is needed." 
+ ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [{ + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + }], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" + }, + "compromisedEntity": "vm1" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json new file mode 100644 index 000000000000..c34bf78a4b2d --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json 
@@ -0,0 +1,73 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg1", + "ascLocation": "westeurope" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "No further action is needed." 
+ ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [{ + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + }], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" + }, + "compromisedEntity": "vm1" + } + }] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json new file mode 100644 index 000000000000..61c9e4f4f911 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json 
@@ -0,0 +1,72 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg1" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "No further action is needed." 
+ ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [{ + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + }], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" + }, + "compromisedEntity": "vm1" + } + }] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json new file mode 100644 index 000000000000..dd4acaea586b --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json 
@@ -0,0 +1,172 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "No further action is needed." 
+ ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [{ + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + }], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" + }, + "compromisedEntity": "vm1" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg2/providers/Microsoft.Security/locations/westeurope/alerts/2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "name": "2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_SuspiciousScreenSaver", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Suspicious Screensaver process executed", + "description": "The process ‘c:\\users\\contosoUser\\scrsave.scr’ was observed executing from an uncommon location. 
Files with the .scr extensions are screen saver files and are normally reside and execute from the Windows system directory.", + "severity": "Medium", + "intent": "Execution", + "startTimeUtc": "2019-05-07T13:51:45.0045913Z", + "endTimeUtc": "2019-05-07T13:51:45.0045913Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "1. Run Process Explorer and try to identify unknown running processes (see https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)", + "2. Make sure the machine is completely updated and has an updated anti-malware application installed", + "3. Run a full anti-malware scan and verify that the threat was removed", + "4. Install and run Microsoft’s Malicious Software Removal Tool (see https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx)", + "5. Run Microsoft’s Autoruns utility and try to identify unknown applications that are configured to run at login (see https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)", + "6. 
Escalate the alert to the information security team" + ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2019-05-07T13:51:48.3810457Z", + "productName": "Azure Security Center", + "processingEndTime": "2019-05-07T13:51:48.9810457Z", + "entities": [{ + "dnsDomain": "", + "ntDomain": "", + "hostName": "vm2", + "netBiosName": "vm2", + "azureID": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/myRg2/providers/microsoft.compute/virtualmachines/vm2", + "omsAgentID": "45b44640-3b94-4892-a28c-4a5cae27065a", + "operatingSystem": "Unknown", + "type": "host", + "OsVersion": null + }, + { + "name": "contosoUser", + "ntDomain": "vm2", + "logonId": "0x61450d87", + "sid": "S-1-5-21-2144575486-8928446540-5163864319-500", + "type": "account" + }, + { + "directory": "c:\\windows\\system32", + "name": "cmd.exe", + "type": "file" + }, + { + "processId": "0x3c44", + "type": "process" + }, + { + "directory": "c:\\users\\contosoUser", + "name": "scrsave.scr", + "type": "file" + }, + { + "processId": "0x4aec", + "commandLine": "c:\\users\\contosoUser\\scrsave.scr", + "creationTimeUtc": "2018-05-07T13:51:45.0045913Z", + "type": "process" + } + ], + "isIncident": true, + "correlationKey": "4hno6LF0xzCl5tqrk4nrBW+MY1BX816W6q6+0srk4", + "compromisedEntity": "vm2" + }, + "extendedProperties": { + "domain name": "vm2", + "user name": "vm2\\contosoUser", + "process name": "c:\\users\\contosoUser\\scrsave.scr", + "command line": "c:\\users\\contosoUser\\scrsave.scr", + "parent process": "cmd.exe", + "process id": 
"0x4aec", + "account logon id": "0x61450d87", + "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", + "parent process id": "0x3c44", + "resourceType": "Virtual Machine" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json new file mode 100644 index 000000000000..7ce558471702 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json 
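Review bot: In the second alert of this list, `extendedProperties` sits next to `properties` at the resource level, whereas the first alert nests it inside `properties`; it should move inside the second alert's `properties` object so both entries have the same shape. That entry also reuses the first alert's `systemAlertId` (`2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a`) and its `alertUri`, and lists `vm1` in `myRg1` under `resourceIdentifiers`, although its `name`, `id` and `compromisedEntity` refer to alert `2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22` on `vm2` in `myRg2`. Tooling that correlates on `systemAlertId` or follows `alertUri` and is modelled on this sample would be pointed at the wrong alert and resource. GetAlertsSubscriptionsLocation_example.json contains the identical second entry.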
@@ -0,0 +1,173 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "ascLocation": "westeurope" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "No further action is needed." 
+ ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [{ + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + }], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" + }, + "compromisedEntity": "vm1" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg2/providers/Microsoft.Security/locations/westeurope/alerts/2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "name": "2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_SuspiciousScreenSaver", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Suspicious Screensaver process executed", + "description": "The process ‘c:\\users\\contosoUser\\scrsave.scr’ was observed executing from an uncommon location. 
Files with the .scr extensions are screen saver files and are normally reside and execute from the Windows system directory.", + "severity": "Medium", + "intent": "Execution", + "startTimeUtc": "2019-05-07T13:51:45.0045913Z", + "endTimeUtc": "2019-05-07T13:51:45.0045913Z", + "resourceIdentifiers": [{ + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + }], + "remediationSteps": [ + "1. Run Process Explorer and try to identify unknown running processes (see https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)", + "2. Make sure the machine is completely updated and has an updated anti-malware application installed", + "3. Run a full anti-malware scan and verify that the threat was removed", + "4. Install and run Microsoft’s Malicious Software Removal Tool (see https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx)", + "5. Run Microsoft’s Autoruns utility and try to identify unknown applications that are configured to run at login (see https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)", + "6. 
Escalate the alert to the information security team" + ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [{ + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + }], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2019-05-07T13:51:48.3810457Z", + "productName": "Azure Security Center", + "processingEndTime": "2019-05-07T13:51:48.9810457Z", + "entities": [{ + "dnsDomain": "", + "ntDomain": "", + "hostName": "vm2", + "netBiosName": "vm2", + "azureID": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/myRg2/providers/microsoft.compute/virtualmachines/vm2", + "omsAgentID": "45b44640-3b94-4892-a28c-4a5cae27065a", + "operatingSystem": "Unknown", + "type": "host", + "OsVersion": null + }, + { + "name": "contosoUser", + "ntDomain": "vm2", + "logonId": "0x61450d87", + "sid": "S-1-5-21-2144575486-8928446540-5163864319-500", + "type": "account" + }, + { + "directory": "c:\\windows\\system32", + "name": "cmd.exe", + "type": "file" + }, + { + "processId": "0x3c44", + "type": "process" + }, + { + "directory": "c:\\users\\contosoUser", + "name": "scrsave.scr", + "type": "file" + }, + { + "processId": "0x4aec", + "commandLine": "c:\\users\\contosoUser\\scrsave.scr", + "creationTimeUtc": "2018-05-07T13:51:45.0045913Z", + "type": "process" + } + ], + "isIncident": true, + "correlationKey": "4hno6LF0xzCl5tqrk4nrBW+MY1BX816W6q6+0srk4", + "compromisedEntity": "vm2" + }, + "extendedProperties": { + "domain name": "vm2", + "user name": "vm2\\contosoUser", + "process name": "c:\\users\\contosoUser\\scrsave.scr", + "command line": "c:\\users\\contosoUser\\scrsave.scr", + "parent process": "cmd.exe", + "process id": 
"0x4aec", + "account logon id": "0x61450d87", + "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", + "parent process id": "0x3c44", + "resourceType": "Virtual Machine" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_example.json new file mode 100644 index 000000000000..b7be3ef5f435 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_example.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg2", + "ascLocation": "westeurope", + "alertName": "2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "alertUpdateActionType": "Dismiss" + }, + "responses": { + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_resolve_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_resolve_example.json new file mode 100644 index 000000000000..bdcbe43029d3 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertResourceGroupLocation_resolve_example.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg2", + "ascLocation": "westeurope", + "alertName": "2518765996949954086_2325cf9e-42a2-4f72-ae7f-9b863cba2d22", + "alertUpdateActionType": "Resolve" + }, + "responses": { + "204": {} + } +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_example.json
new file mode 100644
index 000000000000..52b671bde85c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_example.json
@@ -0,0 +1,12 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "ascLocation": "westeurope",
+ "alertName": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+ "alertUpdateActionType": "Dismiss"
+ },
+ "responses": {
+ "204": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_resolve_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_resolve_example.json
new file mode 100644
index 000000000000..4fe76e01925d
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/UpdateAlertSubscriptionLocation_resolve_example.json
@@ -0,0 +1,12 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "ascLocation": "westeurope",
+ "alertName": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+ "alertUpdateActionType": "Resolve"
+ },
+ "responses": {
+ "204": {}
+ }
+}
From 278b583ab66cef49d0d45ac271daf1ba3de61996 Mon Sep 17 00:00:00 2001
From: Nitsan Bracha Date: Mon, 23 Mar 2020 11:02:37 +0200 Subject: [PATCH 02/12] Fixing: https://github.com/Azure/oav/blob/master/documentation/oav-errors-reference.md#OBJECT_ADDITIONAL_PROPERTIES on "ResourceIdentifier" and "extendedProperties" definition --- .../Microsoft.Security/stable/2020-01-01/alerts.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index 4d743b708963..689c096144f6 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -558,6 +558,7 @@ "definitions": { "Alert": { "type": "object", + "additionalProperties": true, "description": "Security alert", "properties": { "properties": { @@ -932,6 +933,7 @@ }, "ResourceIdentifier": { "type": "object", + "additionalProperties": true, "description": "A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).", "discriminator": "type", "required": [ From 1f1c4b7f2d822ed74dcf5d6211b730b5274496b4 Mon Sep 17 00:00:00 2001 From: Nitsan Bracha Date: Wed, 1 Apr 2020 12:18:00 +0300 Subject: [PATCH 03/12] Ran prettier-fix --- .../stable/2020-01-01/alerts.json | 81 +++++++----- ...GetAlertResourceGroupLocation_example.json | 63 +++++---- .../GetAlertSubscriptionLocation_example.json | 63 +++++---- ...etAlertsResourceGroupLocation_example.json | 123 ++++++++++-------- .../GetAlertsResourceGroup_example.json | 123 ++++++++++-------- .../Alerts/GetAlertsSubscription_example.json | 106 ++++++++------- ...etAlertsSubscriptionsLocation_example.json | 106 ++++++++------- 7 files changed, 374 insertions(+), 291 deletions(-) 
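Review bot: Adding `"additionalProperties": true` to `Alert` and to `ResourceIdentifier` (both hunks) silences the OBJECT_ADDITIONAL_PROPERTIES validator error by loosening the response schema instead of correcting the examples that trigger it. The examples added in patch 01 appear to be the cause: their `resourceIdentifiers` entries use PascalCase keys that the schema does not declare, and the second list entry places `extendedProperties` beside `properties`; fixing those keeps the alert contract strict. If open-ended properties are really intended, state that in each definition's `description`, because consumers can then no longer treat unknown fields as a schema violation. The commit message names "extendedProperties" while the first hunk changes `Alert`, and both definitions continue outside the hunks shown.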
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index 689c096144f6..13a9c75b2ce1 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -15,11 +15,13 @@ "produces": [ "application/json" ], - "security": [{ - "azure_auth": [ - "user_impersonation" - ] - }], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], "securityDefinitions": { "azure_auth": { "type": "oauth2", @@ -44,7 +46,8 @@ ], "description": "List all the alerts that are associated with the subscription", "operationId": "Alerts_List", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -91,7 +94,8 @@ ], "description": "List all the alerts that are associated with the resource group", "operationId": "Alerts_ListByResourceGroup", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -141,7 +145,8 @@ ], "description": "List all the alerts that are associated with the subscription that are stored in a specific location", "operationId": "Alerts_ListSubscriptionLevelByRegion", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -191,7 +196,8 @@ ], "description": "List all the alerts that are associated with the resource group that are stored in a specific location", "operationId": "Alerts_ListResourceGroupLevelByRegion", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { 
@@ -244,7 +250,8 @@ ], "description": "Get an alert that is associated with a subscription", "operationId": "Alerts_GetSubscriptionLevel", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -285,7 +292,8 @@ ], "description": "Get an alert that is associated a resource group or a resource in a resource group", "operationId": "Alerts_GetResourceGroupLevel", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -329,7 +337,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateSubscriptionLevelStateToDismiss", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -367,7 +376,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateSubscriptionLevelStateToResolve", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -405,7 +415,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateSubscriptionLevelStateToReactivate", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -443,7 +454,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateResourceGroupLevelStateToResolve", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -484,7 +496,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateResourceGroupLevelStateToDismiss", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -525,7 +538,8 @@ ], "description": "Update the alert's state", "operationId": "Alerts_UpdateResourceGroupLevelStateToReactivate", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { 
@@ -567,9 +581,11 @@ "$ref": "#/definitions/AlertProperties" } }, - "allOf": [{ - "$ref": "../../../common/v1/types.json#/definitions/Resource" - }] + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] }, "AlertEntity": { "type": "object", @@ -652,7 +668,8 @@ "x-ms-enum": { "name": "severity", "modelAsString": true, - "values": [{ + "values": [ + { "value": "Informational", "description": "Informational" }, @@ -696,7 +713,8 @@ "x-ms-enum": { "name": "intent", "modelAsString": true, - "values": [{ + "values": [ + { "value": "Unknown", "description": "Unknown" }, @@ -889,9 +907,11 @@ "type": "object", "description": "Azure resource identifier.", "x-ms-discriminator-value": "AzureResource", - "allOf": [{ - "$ref": "#/definitions/ResourceIdentifier" - }], + "allOf": [ + { + "$ref": "#/definitions/ResourceIdentifier" + } + ], "properties": { "azureResourceId": { "readOnly": true, @@ -904,9 +924,11 @@ "type": "object", "description": "Represents a Log Analytics workspace scope identifier.", "x-ms-discriminator-value": "LogAnalytics", - "allOf": [{ - "$ref": "#/definitions/ResourceIdentifier" - }], + "allOf": [ + { + "$ref": "#/definitions/ResourceIdentifier" + } + ], "properties": { "workspaceId": { "readOnly": true, @@ -950,7 +972,8 @@ "x-ms-enum": { "name": "ResourceIdentifierType", "modelAsString": true, - "values": [{ + "values": [ + { "value": "AzureResource" }, { diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json index 88d222bf9a5e..0cf539166270 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json 
@@ -22,43 +22,50 @@ "intent": "Execution", "startTimeUtc": "2020-02-22T00:00:00.0000000Z", "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "No further action is needed." 
], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 - }, - "type": "ip" - }], + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], "isIncident": true, "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", "extendedProperties": { diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json index 816828044cc9..83867585f8ac 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json 
@@ -21,43 +21,50 @@ "intent": "Execution", "startTimeUtc": "2020-02-22T00:00:00.0000000Z", "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "No further action is needed." 
], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 - }, - "type": "ip" - }], + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], "isIncident": true, "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", "extendedProperties": { diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json index c34bf78a4b2d..ab72ad5eaaee 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json 
@@ -8,65 +8,74 @@ "responses": { "200": { "body": { - "value": [{ - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", - "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", - "type": "Microsoft.Security/Locations/alerts", - "properties": { - "alertType": "VM_EICAR", - "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", - "productComponentName": "", - "alertDisplayName": "Azure Security Center test alert (not a threat)", - "description": "This is a test alert generated by Azure Security Center. No further action is needed.", - "severity": "High", - "intent": "Execution", - "startTimeUtc": "2020-02-22T00:00:00.0000000Z", - "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], - "remediationSteps": [ - "No further action is needed." 
- ], - "vendorName": "Microsoft", - "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], - "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", - "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. 
No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], + "remediationSteps": [ + "No further action is needed." + ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" }, - "type": "ip" - }], - "isIncident": true, - "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", - "extendedProperties": { - "Property1": "Property1 information" - }, - "compromisedEntity": "vm1" + "compromisedEntity": "vm1" + } } - }] + ] } } } 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json index 61c9e4f4f911..33d740db19b9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json 
@@ -7,65 +7,74 @@ "responses": { "200": { "body": { - "value": [{ - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", - "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", - "type": "Microsoft.Security/Locations/alerts", - "properties": { - "alertType": "VM_EICAR", - "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", - "productComponentName": "", - "alertDisplayName": "Azure Security Center test alert (not a threat)", - "description": "This is a test alert generated by Azure Security Center. No further action is needed.", - "severity": "High", - "intent": "Execution", - "startTimeUtc": "2020-02-22T00:00:00.0000000Z", - "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], - "remediationSteps": [ - "No further action is needed." 
- ], - "vendorName": "Microsoft", - "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], - "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", - "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", + "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "type": "Microsoft.Security/Locations/alerts", + "properties": { + "alertType": "VM_EICAR", + "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", + "productComponentName": "", + "alertDisplayName": "Azure Security Center test alert (not a threat)", + "description": "This is a test alert generated by Azure Security Center. 
No further action is needed.", + "severity": "High", + "intent": "Execution", + "startTimeUtc": "2020-02-22T00:00:00.0000000Z", + "endTimeUtc": "2020-02-22T00:00:00.0000000Z", + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], + "remediationSteps": [ + "No further action is needed." + ], + "vendorName": "Microsoft", + "status": "New", + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], + "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", + "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "productName": "Azure Security Center", + "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], + "isIncident": true, + "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", + "extendedProperties": { + "Property1": "Property1 information" }, - "type": "ip" - }], - "isIncident": true, - "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", - "extendedProperties": { - "Property1": "Property1 information" - }, - "compromisedEntity": "vm1" + "compromisedEntity": "vm1" + } } - }] + ] } } } 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json index dd4acaea586b..da49b57bd0b4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json @@ -6,7 +6,8 @@ "responses": { "200": { "body": { - "value": [{ + "value": [ + { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", "type": "Microsoft.Security/Locations/alerts", 
@@ -20,43 +21,50 @@ "intent": "Execution", "startTimeUtc": "2020-02-22T00:00:00.0000000Z", "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "No further action is needed." 
], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 - }, - "type": "ip" - }], + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], "isIncident": true, "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", "extendedProperties": { 
@@ -79,16 +87,19 @@ "intent": "Execution", "startTimeUtc": "2019-05-07T13:51:45.0045913Z", "endTimeUtc": "2019-05-07T13:51:45.0045913Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "1. Run Process Explorer and try to identify unknown running processes (see https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)", "2. Make sure the machine is completely updated and has an updated anti-malware application installed", 
@@ -99,17 +110,20 @@ ], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2019-05-07T13:51:48.3810457Z", "productName": "Azure Security Center", "processingEndTime": "2019-05-07T13:51:48.9810457Z", - "entities": [{ + "entities": [ + { "dnsDomain": "", "ntDomain": "", "hostName": "vm2", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json index 7ce558471702..2edf53d980e1 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json @@ -7,7 +7,8 @@ "responses": { "200": { "body": { - "value": [{ + "value": [ + { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA", "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a", "type": "Microsoft.Security/Locations/alerts", 
@@ -21,43 +22,50 @@ "intent": "Execution", "startTimeUtc": "2020-02-22T00:00:00.0000000Z", "endTimeUtc": "2020-02-22T00:00:00.0000000Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "No further action is needed." 
], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", "processingEndTime": "2020-02-23T13:47:58.9205584Z", - "entities": [{ - "address": "192.0.2.1", - "location": { - "countryCode": "gb", - "state": "wokingham", - "city": "sonning", - "longitude": -0.909, - "latitude": 51.468, - "asn": 6584 - }, - "type": "ip" - }], + "entities": [ + { + "address": "192.0.2.1", + "location": { + "countryCode": "gb", + "state": "wokingham", + "city": "sonning", + "longitude": -0.909, + "latitude": 51.468, + "asn": 6584 + }, + "type": "ip" + } + ], "isIncident": true, "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=", "extendedProperties": { 
@@ -80,16 +88,19 @@ "intent": "Execution", "startTimeUtc": "2019-05-07T13:51:45.0045913Z", "endTimeUtc": "2019-05-07T13:51:45.0045913Z", - "resourceIdentifiers": [{ - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" - }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" - }], + "resourceIdentifiers": [ + { + "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "Type": "AzureResource" + }, + { + "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "WorkspaceResourceGroup": "myRg1", + "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "Type": "LogAnalytics" + } + ], "remediationSteps": [ "1. Run Process Explorer and try to identify unknown running processes (see https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)", "2. Make sure the machine is completely updated and has an updated anti-malware application installed", 
@@ -100,17 +111,20 @@ ], "vendorName": "Microsoft", "status": "New", - "extendedLinks": [{ - "Category": "threat_reports", - "Label": "Report: RDP Brute Forcing", - "Href": "https://contoso.com/reports/DisplayReport", - "Type": "webLink" - }], + "extendedLinks": [ + { + "Category": "threat_reports", + "Label": "Report: RDP Brute Forcing", + "Href": "https://contoso.com/reports/DisplayReport", + "Type": "webLink" + } + ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", "timeGenerated": "2019-05-07T13:51:48.3810457Z", "productName": "Azure Security Center", "processingEndTime": "2019-05-07T13:51:48.9810457Z", - "entities": [{ + "entities": [ + { "dnsDomain": "", "ntDomain": "", "hostName": "vm2", From 4800910f61496cc20e6b7e59940ec5164bbf799b Mon Sep 17 00:00:00 2001 From: Nitsan Bracha Date: Wed, 1 Apr 2020 15:47:18 +0300 Subject: [PATCH 04/12] Changing "severity" enum name so it won't conflict with assessmentMetadata enum --- .../Microsoft.Security/stable/2020-01-01/alerts.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index 13a9c75b2ce1..b23ec5e788b1 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -666,7 +666,7 @@ "High" ], "x-ms-enum": { - "name": "severity", + "name": "alertSeverity", "modelAsString": true, "values": [ { From 723d4ecd6b4f8e1e448fd8d24251cbfb06ba9e1d Mon Sep 17 00:00:00 2001 
From: Nitsan Bracha Date: Thu, 2 Apr 2020 10:17:23 +0300 Subject: [PATCH 05/12] Changing "status" enum name to "alertStatus" so it won't conflict with other enums --- .../Microsoft.Security/stable/2020-01-01/alerts.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index b23ec5e788b1..5639a8091e70 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -825,7 +825,7 @@ "Dismissed" ], "x-ms-enum": { - "name": "status", + "name": "alertStatus", "modelAsString": true, "values": [ { From d89144de2f82c98e903409c2dad4c326bb3f41c9 Mon Sep 17 00:00:00 2001 From: Nitsan Bracha Date: Sun, 5 Apr 2020 10:32:02 +0300 Subject: [PATCH 06/12] Microsoft Security 2020-01-01/alerts.json Change reactivate to activate --- .../Microsoft.Security/stable/2020-01-01/alerts.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index 5639a8091e70..c9f6cd8b278e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -403,7 +403,7 @@ } } }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/activate": { "post": { "x-ms-examples": { "Update security alert state on a subscription from a security data location": { 
@@ -414,7 +414,7 @@ "Alerts" ], "description": "Update the alert's state", - "operationId": "Alerts_UpdateSubscriptionLevelStateToReactivate", + "operationId": "Alerts_UpdateSubscriptionLevelStateToActivate", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" @@ -526,7 +526,7 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/activate": { "post": { "x-ms-examples": { "Update security alert state on a resource group from a security data location": { @@ -537,7 +537,7 @@ "Alerts" ], "description": "Update the alert's state", - "operationId": "Alerts_UpdateResourceGroupLevelStateToReactivate", + "operationId": "Alerts_UpdateResourceGroupLevelStateToActivate", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" From 6bbca5252abd7fb2999b2fef6553248452ac5064 Mon Sep 17 00:00:00 2001 From: Yifat Birnbaum Date: Thu, 21 May 2020 10:25:47 +0300 Subject: [PATCH 07/12] Update readme.md --- specification/security/resource-manager/readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index b324ff734759..0da83dbf73d3 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md 
@@ -137,7 +137,6 @@ These settings apply only when `--tag=package-composite-v3` is specified on the input-file: - Microsoft.Security/stable/2017-08-01/complianceResults.json - Microsoft.Security/stable/2018-06-01/pricings.json -- Microsoft.Security/stable/2019-01-01/alerts.json - Microsoft.Security/stable/2019-01-01/settings.json - Microsoft.Security/stable/2019-01-01/advancedThreatProtectionSettings.json - Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json @@ -162,6 +161,7 @@ input-file: - Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json - Microsoft.Security/stable/2020-01-01/allowedConnections.json - Microsoft.Security/stable/2020-01-01/topologies.json +- Microsoft.Security/stable/2020-01-01/alerts.json - Microsoft.Security/stable/2020-01-01/jitNetworkAccessPolicies.json - Microsoft.Security/stable/2020-01-01/discoveredSecuritySolutions.json - Microsoft.Security/stable/2020-01-01/externalSecuritySolutions.json @@ -398,6 +398,7 @@ input-file: - $(this-folder)/Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/allowedConnections.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/topologies.json + - $(this-folder)/Microsoft.Security/stable/2020-01-01/alerts.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/jitNetworkAccessPolicies.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/discoveredSecuritySolutions.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/externalSecuritySolutions.json From afbd468f1643ecac0a89985f349dc4cbec33a9c0 Mon Sep 17 00:00:00 2001 
From: Yifat Birnbaum Date: Thu, 21 May 2020 14:06:38 +0300 Subject: [PATCH 08/12] remove additional properties --- .../stable/2020-01-01/alerts.json | 18 ++++--- ...GetAlertResourceGroupLocation_example.json | 14 ++--- .../GetAlertSubscriptionLocation_example.json | 14 ++--- ...etAlertsResourceGroupLocation_example.json | 14 ++--- .../GetAlertsResourceGroup_example.json | 14 ++--- .../Alerts/GetAlertsSubscription_example.json | 54 +++++++++---------- ...etAlertsSubscriptionsLocation_example.json | 54 +++++++++---------- 7 files changed, 93 insertions(+), 89 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index c9f6cd8b278e..b96bbd6029af 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -572,7 +572,6 @@ "definitions": { "Alert": { "type": "object", - "additionalProperties": true, "description": "Security alert", "properties": { "properties": { @@ -589,7 +588,9 @@ }, "AlertEntity": { "type": "object", - "additionalProperties": true, + "additionalProperties": { + "type": "object" + }, "description": "Changing set of properties depending on the entity type.", "properties": { "type": { @@ -601,12 +602,16 @@ }, "AlertExtendedLinks": { "type": "object", - "additionalProperties": true, + "additionalProperties": { + "type": "string" + }, "description": "Links related to the alert" }, "AlertExtendedProperties": { "type": "object", - "additionalProperties": true, + "additionalProperties": { + "type": "string" + }, "description": "Custom properties for the alert." }, "AlertList": { 
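Review bot: In the `AlertEntity` hunk (`@@ -589,7 +588,9 @@`), `"additionalProperties": { "type": "object" }` declares every extra entity property to be an object, but the example responses in this series carry scalar entity fields such as `"address": "192.0.2.1"` and `"hostName": "vm2"`. A validator or generated client that takes the schema literally may reject or drop those values, and they are the fields an analyst relies on when triaging the alert. If the value types really vary by entity type, I would leave the value schema open, for instance `"additionalProperties": {}`, or model the known entity types explicitly. The string-valued maps chosen for `AlertExtendedLinks` and `AlertExtendedProperties` appear consistent with the example values shown. The `AlertEntity` definition continues outside the hunk.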
@@ -687,7 +692,7 @@ } ] }, - "description": "The risk level of the threat that was detected. Possible Values: Informational, Low, Medium, and High. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified." + "description": "The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified." }, "intent": { "readOnly": true, @@ -842,7 +847,7 @@ } ] }, - "description": "The life cycle status of the alert. Supported statuses are: Active, Resolved, Dismissed." + "description": "The life cycle status of the alert." }, "extendedLinks": { "readOnly": true, @@ -955,7 +960,6 @@ }, "ResourceIdentifier": { "type": "object", - "additionalProperties": true, "description": "A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).", "discriminator": "type", "required": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json index 0cf539166270..da25d60d5e02 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json 
@@ -24,15 +24,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json index 83867585f8ac..6c3e5b7059f4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json 
@@ -23,15 +23,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json index ab72ad5eaaee..49b326349591 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json 
@@ -25,15 +25,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json index 33d740db19b9..b3c753a38417 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json 
@@ -24,15 +24,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json index da49b57bd0b4..4f1e0555aed1 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json 
@@ -23,15 +23,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ @@ -89,15 +89,15 @@ "endTimeUtc": "2019-05-07T13:51:45.0045913Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ 
@@ -164,19 +164,19 @@ ], "isIncident": true, "correlationKey": "4hno6LF0xzCl5tqrk4nrBW+MY1BX816W6q6+0srk4", - "compromisedEntity": "vm2" - }, - "extendedProperties": { - "domain name": "vm2", - "user name": "vm2\\contosoUser", - "process name": "c:\\users\\contosoUser\\scrsave.scr", - "command line": "c:\\users\\contosoUser\\scrsave.scr", - "parent process": "cmd.exe", - "process id": "0x4aec", - "account logon id": "0x61450d87", - "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", - "parent process id": "0x3c44", - "resourceType": "Virtual Machine" + "compromisedEntity": "vm2", + "extendedProperties": { + "domain name": "vm2", + "user name": "vm2\\contosoUser", + "process name": "c:\\users\\contosoUser\\scrsave.scr", + "command line": "c:\\users\\contosoUser\\scrsave.scr", + "parent process": "cmd.exe", + "process id": "0x4aec", + "account logon id": "0x61450d87", + "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", + "parent process id": "0x3c44", + "resourceType": "Virtual Machine" + } } } ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json index 2edf53d980e1..8a76f2a794e8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json 
@@ -24,15 +24,15 @@ "endTimeUtc": "2020-02-22T00:00:00.0000000Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ @@ -90,15 +90,15 @@ "endTimeUtc": "2019-05-07T13:51:45.0045913Z", "resourceIdentifiers": [ { - "AzureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", - "Type": "AzureResource" + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1", + "type": "AzureResource" }, { - "WorkspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", - "WorkspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "WorkspaceResourceGroup": "myRg1", - "AgentId": "75724a01-f021-4aa8-9ec2-329792373e6e", - "Type": "LogAnalytics" + "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019", + "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "workspaceResourceGroup": "myRg1", + "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e", + "type": "LogAnalytics" } ], "remediationSteps": [ 
@@ -165,19 +165,19 @@ ], "isIncident": true, "correlationKey": "4hno6LF0xzCl5tqrk4nrBW+MY1BX816W6q6+0srk4", - "compromisedEntity": "vm2" - }, - "extendedProperties": { - "domain name": "vm2", - "user name": "vm2\\contosoUser", - "process name": "c:\\users\\contosoUser\\scrsave.scr", - "command line": "c:\\users\\contosoUser\\scrsave.scr", - "parent process": "cmd.exe", - "process id": "0x4aec", - "account logon id": "0x61450d87", - "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", - "parent process id": "0x3c44", - "resourceType": "Virtual Machine" + "compromisedEntity": "vm2", + "extendedProperties": { + "domainName": "vm2", + "userName": "vm2\\contosoUser", + "processName": "c:\\users\\contosoUser\\scrsave.scr", + "command line": "c:\\users\\contosoUser\\scrsave.scr", + "parent process": "cmd.exe", + "process id": "0x4aec", + "account logon id": "0x61450d87", + "user SID": "S-1-5-21-2144575486-8928446540-5163864319-500", + "parent process id": "0x3c44", + "resourceType": "Virtual Machine" + } } } ] From 97e020b87492d53fa015f9ba18275decd83920c6 Mon Sep 17 00:00:00 2001 From: Yifat Birnbaum Date: Thu, 21 May 2020 14:29:22 +0300 Subject: [PATCH 09/12] update readme --- specification/security/resource-manager/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 0da83dbf73d3..d6898fed3886 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md 
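Review bot: The `extendedProperties` keys in this hunk end up in two styles: `domainName`, `userName` and `processName` are camelCase, while `command line`, `parent process`, `process id` and the remaining keys keep the spaced form. The matching hunk in GetAlertsSubscription_example.json keeps the spaced form for every key. Because `AlertExtendedProperties` is a free-form string map, consumers that write parsers or detection rules against these names will likely copy whichever spelling the example shows, so the example should mirror what the service actually emits. I would pick one form for the whole object and use it in both files, for example `"commandLine"` and `"parentProcess"` if camelCase is the real wire format.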
@@ -384,7 +384,6 @@ input-file: - $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json - - $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json - $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json - $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json - $(this-folder)/Microsoft.Security/stable/2019-01-01/advancedThreatProtectionSettings.json From 0fd3252faa0470a936b39594aaf4264320a71d53 Mon Sep 17 00:00:00 2001 From: Yifat Birnbaum Date: Tue, 9 Jun 2020 09:39:09 +0300 Subject: [PATCH 10/12] CR fixes --- .../Microsoft.Security/stable/2020-01-01/alerts.json | 4 ++-- .../Alerts/GetAlertResourceGroupLocation_example.json | 4 ++-- .../Alerts/GetAlertSubscriptionLocation_example.json | 4 ++-- .../Alerts/GetAlertsResourceGroupLocation_example.json | 4 ++-- .../examples/Alerts/GetAlertsResourceGroup_example.json | 4 ++-- .../examples/Alerts/GetAlertsSubscription_example.json | 8 ++++---- .../Alerts/GetAlertsSubscriptionsLocation_example.json | 8 ++++---- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json index b96bbd6029af..945c7a89dca4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json @@ -862,7 +862,7 @@ "type": "string", "description": "A direct link to the alert page in Azure Portal." }, - "timeGenerated": { + "timeGeneratedUtc": { "readOnly": true, "type": "string", "format": "date-time", 
@@ -873,7 +873,7 @@ "type": "string", "description": "The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on)." }, - "processingEndTime": { + "processingEndTimeUtc": { "readOnly": true, "type": "string", "format": "date-time", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json index da25d60d5e02..49446f9f4617 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json @@ -49,9 +49,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z", "entities": [ { "address": "192.0.2.1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json index 6c3e5b7059f4..50fb76fb502e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json @@ -48,9 +48,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z", "entities": [ { "address": "192.0.2.1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json index 49b326349591..cf33060d8dbd 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json @@ -50,9 +50,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z", "entities": [ { "address": "192.0.2.1", 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json index b3c753a38417..8cada3557ed0 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsResourceGroup_example.json @@ -49,9 +49,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z", "entities": [ { "address": "192.0.2.1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json index 4f1e0555aed1..3d2769779efc 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscription_example.json 
@@ -48,9 +48,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2020-02-23T13:47:58.0000000Z", + "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z", "productName": "Azure Security Center", - "processingEndTime": "2020-02-23T13:47:58.9205584Z", + "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z", "entities": [ { "address": "192.0.2.1", @@ -119,9 +119,9 @@ } ], "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope", - "timeGenerated": "2019-05-07T13:51:48.3810457Z", + "timeGeneratedUtc": "2019-05-07T13:51:48.3810457Z", "productName": "Azure Security Center", - "processingEndTime": "2019-05-07T13:51:48.9810457Z", + "processingEndTimeUtc": "2019-05-07T13:51:48.9810457Z", "entities": [ { "dnsDomain": "", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json index 8a76f2a794e8..de7348db0c15 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/Alerts/GetAlertsSubscriptionsLocation_example.json 
@@ -49,9 +49,9 @@
 }
 ],
 "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
- "timeGenerated": "2020-02-23T13:47:58.0000000Z",
+ "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
 "productName": "Azure Security Center",
- "processingEndTime": "2020-02-23T13:47:58.9205584Z",
+ "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
 "entities": [
 {
 "address": "192.0.2.1",
@@ -120,9 +120,9 @@
 }
 ],
 "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
- "timeGenerated": "2019-05-07T13:51:48.3810457Z",
+ "timeGeneratedUtc": "2019-05-07T13:51:48.3810457Z",
 "productName": "Azure Security Center",
- "processingEndTime": "2019-05-07T13:51:48.9810457Z",
+ "processingEndTimeUtc": "2019-05-07T13:51:48.9810457Z",
 "entities": [
 {
 "dnsDomain": "",
From ce0fc92b6670e0496a0117594612c235ca1c92f6 Mon Sep 17 00:00:00 2001
From: Yifat Birnbaum
Date: Mon, 15 Jun 2020 16:47:17 +0300
Subject: [PATCH 11/12] Change description of ResourceIdentifiers property
---
 .../Microsoft.Security/stable/2020-01-01/alerts.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
index 945c7a89dca4..4eed76f2a38e 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
@@ -802,7 +802,7 @@
 "resourceIdentifiers": {
 "readOnly": true,
 "type": "array",
- "description": "The resource identifiers for this alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.",
+ "description": "The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.",
 "items": {
 "$ref": "#/definitions/ResourceIdentifier"
 }
From eae295a179f2ccce071f27e5efb280ffb76cf08d Mon Sep 17 00:00:00 2001
From: Yifat Birnbaum
Date: Wed, 1 Jul 2020 16:54:39 +0300
Subject: [PATCH 12/12] remove OData support
---
 .../stable/2020-01-01/alerts.json | 60 -------------------
 1 file changed, 60 deletions(-)
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
index 4eed76f2a38e..1761bd6f335a 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/alerts.json
@@ -52,15 +52,6 @@
 },
 {
 "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
- },
- {
- "$ref": "#/parameters/ODataFilter"
- },
- {
- "$ref": "#/parameters/ODataSelect"
- },
- {
- "$ref": "#/parameters/ODataExpand"
 }
 ],
 "responses": {
@@ -103,15 +94,6 @@
 },
 {
 "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName"
- },
- {
- "$ref": "#/parameters/ODataFilter"
- },
- {
- "$ref": "#/parameters/ODataSelect"
- },
- {
- "$ref": "#/parameters/ODataExpand"
 }
 ],
 "responses": {
@@ -154,15 +136,6 @@
 },
 {
 "$ref": "../../../common/v1/types.json#/parameters/AscLocation"
- },
- {
- "$ref": "#/parameters/ODataFilter"
- },
- {
- "$ref": "#/parameters/ODataSelect"
- },
- {
- "$ref": "#/parameters/ODataExpand"
 }
 ],
 "responses": {
@@ -208,15 +181,6 @@
 },
 {
 "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName"
- },
- {
- "$ref": "#/parameters/ODataFilter"
- },
- {
- "$ref": "#/parameters/ODataSelect"
- },
- {
- "$ref": "#/parameters/ODataExpand"
 }
 ],
 "responses": {
@@ -990,30 +954,6 @@
 }
 },
 "parameters": {
- "ODataFilter": {
- "name": "$filter",
- "in": "query",
- "required": false,
- "type": "string",
- "description": "OData filter. Optional.",
- "x-ms-parameter-location": "method"
- },
- "ODataSelect": {
- "name": "$select",
- "in": "query",
- "required": false,
- "type": "string",
- "description": "OData select. Optional.",
- "x-ms-parameter-location": "method"
- },
- "ODataExpand": {
- "name": "$expand",
- "in": "query",
- "required": false,
- "type": "string",
- "description": "OData expand. Optional.",
- "x-ms-parameter-location": "method"
- },
 "AlertName": {
 "name": "alertName",
 "in": "path",