From d068bc98166ba6d78cd140e3e8fc1603392b29a3 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Mon, 1 Mar 2021 20:50:08 +0000 Subject: [PATCH] CodeGen from PR 13212 in Azure/azure-rest-api-specs Merge 1d80048953dd39c4720b31ad854bac3c6b9a7a61 into 855349eac969c25c3e1e8ef3b1c17b5bda2c73cd --- .../Microsoft.SecurityInsights.json | 358 +++++++++++++++++- .../Microsoft.SecurityInsights.json | 10 +- 2 files changed, 362 insertions(+), 6 deletions(-) diff --git a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json index d28fef041c..0f97b60246 100644 --- a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json +++ b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json @@ -349,6 +349,12 @@ { "$ref": "#/definitions/AATPDataConnector" }, + { + "$ref": "#/definitions/MSTIDataConnector" + }, + { + "$ref": "#/definitions/MTPDataConnector" + }, { "$ref": "#/definitions/ASCDataConnector" }, @@ -551,6 +557,9 @@ "settings": { "type": "object", "oneOf": [ + { + "$ref": "#/definitions/IPSyncer" + }, { "$ref": "#/definitions/EyesOn" }, @@ -852,6 +861,10 @@ "description": "Logic App Callback URL for this specific workflow." } }, + "required": [ + "logicAppResourceId", + "triggerUri" + ], "description": "Action property bag." }, "alertRules_actions_childResource": { @@ -2050,6 +2063,37 @@ ], "description": "Microsoft.SecurityInsights/incidents/relations" }, + "IPSyncer": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "IPSyncer" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/IPSyncerSettingsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "IPSyncer property bag." + } + }, + "required": [ + "kind" + ], + "description": "Settings with single toggle." + }, + "IPSyncerSettingsProperties": { + "type": "object", + "properties": {}, + "description": "IPSyncer property bag." + }, "MCASDataConnector": { "type": "object", "properties": { @@ -2372,6 +2416,216 @@ ], "description": "MLBehaviorAnalytics alert rule base property bag." }, + "MSTIDataConnector": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "MicrosoftThreatIntelligence" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Microsoft Threat Intelligence data connector properties." + } + }, + "required": [ + "kind" + ], + "description": "Represents Microsoft Threat Intelligence data connector." + }, + "MSTIDataConnectorDataTypes": { + "type": "object", + "properties": { + "bingSafetyPhishingURL": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypesBingSafetyPhishingURL" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "microsoftEmergingThreatFeed": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + } + }, + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorDataTypesBingSafetyPhishingURL": { + "type": "object", + "properties": { + "lookbackPeriod": { + "type": "string", + "description": "lookback period" + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed": { + "type": "object", + "properties": { + "lookbackPeriod": { + "type": "string", + "description": "lookback period" + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorProperties": { + "type": "object", + "properties": { + "dataTypes": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector." + }, + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "description": "Microsoft Threat Intelligence data connector properties." + }, + "MTPDataConnector": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "MicrosoftThreatProtection" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties." + } + }, + "required": [ + "kind" + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector." + }, + "MTPDataConnectorDataTypes": { + "type": "object", + "properties": { + "incidents": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorDataTypesIncidents" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Protection Platforms data connector." + } + }, + "description": "The available data types for Microsoft Threat Protection Platforms data connector." + }, + "MTPDataConnectorDataTypesIncidents": { + "type": "object", + "properties": { + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Protection Platforms data connector." + }, + "MTPDataConnectorProperties": { + "type": "object", + "properties": { + "dataTypes": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorDataTypes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available data types for Microsoft Threat Protection Platforms data connector." + }, + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "description": "MTP (Microsoft Threat Protection) data connector properties." + }, "OfficeATPDataConnector": { "type": "object", "properties": { @@ -2880,6 +3134,43 @@ ], "description": "Threat Intelligence alert rule base property bag." }, + "ThreatIntelligenceExternalReference": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "External reference description" + }, + "externalId": { + "type": "string", + "description": "External reference ID" + }, + "hashes": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "External reference hashes" + }, + "sourceName": { + "type": "string", + "description": "External reference source name" + }, + "url": { + "type": "string", + "description": "External reference URL" + } + }, + "description": "Describes external reference" + }, "ThreatIntelligenceGranularMarkingModel": { "type": "object", "properties": { @@ -2937,6 +3228,17 @@ "type": "string", "description": "Created by reference of threat intelligence entity" }, + "defanged": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is threat intelligence entity defanged" + }, "description": { "type": "string", "description": "Description of a threat intelligence entity" @@ -2965,12 +3267,16 @@ "type": "string", "description": "External ID of threat intelligence entity" }, + "externalLastUpdatedTimeUtc": { + "type": "string", + "description": "External last updated time in UTC" + }, "externalReferences": { "oneOf": [ { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/ThreatIntelligenceExternalReference" } }, { @@ -3047,6 +3353,20 @@ "type": "string", "description": "Modified by" }, + "objectMarkingRefs": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Threat intelligence entity object marking references" + }, "parsedPattern": { "oneOf": [ { @@ -3069,6 +3389,10 @@ "type": "string", "description": "Pattern type of a threat intelligence entity" }, + "patternVersion": { + "type": "string", + "description": "Pattern version of a threat intelligence entity" + }, "revoked": { "oneOf": [ { @@ -3193,7 +3517,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Threat Intelligence Platforms data connector properties." + "description": "TI (Threat Intelligence) data connector properties." } }, "required": [ @@ -3256,9 +3580,14 @@ "tenantId": { "type": "string", "description": "The tenant id to connect to, and get the data from." + }, + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." } }, - "description": "Threat Intelligence Platforms data connector properties." + "description": "TI (Threat Intelligence) data connector properties." }, "TiTaxiiDataConnector": { "type": "object", @@ -3350,6 +3679,27 @@ "type": "string", "description": "The password for the TAXII server." }, + "pollingFrequency": { + "oneOf": [ + { + "type": "string", + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The polling frequency for the TAXII server." + }, + "taxiiLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the TAXII server." + }, "taxiiServer": { "type": "string", "description": "The API root for the TAXII server." @@ -3707,4 +4057,4 @@ "description": "Microsoft.SecurityInsights/watchlists/watchlistItems" } } -} \ No newline at end of file +} diff --git a/schemas/2020-01-01/Microsoft.SecurityInsights.json b/schemas/2020-01-01/Microsoft.SecurityInsights.json index c992ffa8f0..c50de812ca 100644 --- a/schemas/2020-01-01/Microsoft.SecurityInsights.json +++ b/schemas/2020-01-01/Microsoft.SecurityInsights.json @@ -401,7 +401,8 @@ } }, "required": [ - "logicAppResourceId" + "logicAppResourceId", + "triggerUri" ], "description": "Action property bag." }, @@ -1665,6 +1666,11 @@ "tenantId": { "type": "string", "description": "The tenant id to connect to, and get the data from." + }, + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." } }, "description": "TI (Threat Intelligence) data connector properties." @@ -1691,4 +1697,4 @@ "description": "User information that made some action" } } -} \ No newline at end of file +}