diff --git a/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json b/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json index fad32dcacd..72dd0bc44e 100644 --- a/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json +++ b/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json @@ -1497,7 +1497,7 @@ { "type": "array", "items": { - "type": "object" + "$ref": "#/definitions/MetadataDependencies" } }, { diff --git a/schemas/2021-04-01/Microsoft.SecurityInsights.json b/schemas/2021-04-01/Microsoft.SecurityInsights.json new file mode 100644 index 0000000000..ce56290105 --- /dev/null +++ b/schemas/2021-04-01/Microsoft.SecurityInsights.json @@ -0,0 +1,433 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-04-01/Microsoft.SecurityInsights.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.SecurityInsights", + "description": "Microsoft SecurityInsights Resource Types", + "resourceDefinitions": {}, + "extension_resourceDefinitions": { + "incidents": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Incident ID" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/IncidentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes incident properties" + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/incidents_comments_childResource" + }, + { + "$ref": "#/definitions/incidents_relations_childResource" + } + ] + } + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.SecurityInsights/incidents" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/incidents" + }, + "incidents_comments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Incident comment ID" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/IncidentCommentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Incident comment property bag." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.SecurityInsights/incidents/comments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/incidents/comments" + }, + "incidents_relations": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Relation Name" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RelationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Relation property bag." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.SecurityInsights/incidents/relations" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/incidents/relations" + } + }, + "definitions": { + "IncidentCommentProperties": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "The comment message" + } + }, + "required": [ + "message" + ], + "description": "Incident comment property bag." + }, + "IncidentLabel": { + "type": "object", + "properties": { + "labelName": { + "type": "string", + "description": "The name of the label" + } + }, + "required": [ + "labelName" + ], + "description": "Represents an incident label" + }, + "IncidentOwnerInfo": { + "type": "object", + "properties": { + "assignedTo": { + "type": "string", + "description": "The name of the user the incident is assigned to." + }, + "email": { + "type": "string", + "description": "The email of the user the incident is assigned to." + }, + "objectId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The object id of the user the incident is assigned to." + }, + "userPrincipalName": { + "type": "string", + "description": "The user principal name of the user the incident is assigned to." + } + }, + "description": "Information on the user an incident is assigned to" + }, + "IncidentProperties": { + "type": "object", + "properties": { + "classification": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The reason the incident was closed." + }, + "classificationComment": { + "type": "string", + "description": "Describes the reason the incident was closed" + }, + "classificationReason": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The classification reason the incident was closed with." + }, + "description": { + "type": "string", + "description": "The description of the incident" + }, + "firstActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the first activity in the incident" + }, + "labels": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentLabel" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of labels relevant to this incident" + }, + "lastActivityTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time of the last activity in the incident" + }, + "owner": { + "oneOf": [ + { + "$ref": "#/definitions/IncidentOwnerInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Information on the user an incident is assigned to" + }, + "severity": { + "oneOf": [ + { + "type": "string", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The severity of the incident." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "New", + "Active", + "Closed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The status of the incident." + }, + "title": { + "type": "string", + "description": "The title of the incident" + } + }, + "required": [ + "severity", + "status", + "title" + ], + "description": "Describes incident properties" + }, + "incidents_comments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Incident comment ID" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/IncidentCommentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Incident comment property bag." + }, + "type": { + "type": "string", + "enum": [ + "comments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/incidents/comments" + }, + "incidents_relations_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-04-01" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Relation Name" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RelationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Relation property bag." + }, + "type": { + "type": "string", + "enum": [ + "relations" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/incidents/relations" + }, + "RelationProperties": { + "type": "object", + "properties": { + "relatedResourceId": { + "type": "string", + "description": "The resource ID of the related resource" + } + }, + "required": [ + "relatedResourceId" + ], + "description": "Relation property bag." + } + } +} \ No newline at end of file